gagaman Posted October 30, 2011

Hello HJT crew,

The browsers (IE, FF) on this PC had a lot of toolbars (Babylon, qword, and some others). Also, the start page could not be changed. I managed to get rid of them using CCleaner, Emsisoft Anti-Malware, SUPERAntiSpyware and PC Matic. Maybe there are still leftovers, or other malware on this computer. Please take a look at the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:28, on 30/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [info Center] C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} (VersionControl Class) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 5.1 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9528 bytes
JonTom Posted November 1, 2011

Hello gagaman

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret. Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

Let's see what the following scans can tell us:

Please perform the following scan

Please download DDS from here and save it to your desktop.
Disable any script blocking protection (How to Disable your Security Programs)
Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
When done, DDS.txt will open.
After a few moments, attach.txt will open in a second window.
Save both reports to your desktop.
Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

Please scan your system with GMER

Download GMER Rootkit Scanner from here or here.
Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Please post the DDS logs and the GMER log in your next reply.
If you encounter any problems with the scans come back and let me know.
gagaman Posted November 1, 2011

Hello Jontom,

Thanks for taking a look at this. The requested logs:

DDS-log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer:
Run by mama at 9:51:24 on 2011-11-01
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2599 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:Program FilesEmsisoft Anti-Malwarea2service.exe
C:WINDOWSsystem32svchost -k DcomLaunch
svchost.exe
C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe
C:WINDOWSSystem32svchost.exe -k netsvcs
C:WINDOWSsystem32svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:WINDOWSsystem32spoolsv.exe
svchost.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesLogMeInx86LMIGuardianSvc.exe
C:Program FilesLogMeInx86RaMaint.exe
C:Program FilesLogMeInx86LogMeIn.exe
C:Program FilesMicrosoft LifeCamMSCamS32.exe
C:WINDOWSsystem32PnkBstrA.exe
C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSExplorer.EXE
C:Program FilesASUSEPU-4 EngineFourEngine.exe
C:Program FilesLogMeInx86LogMeInSystray.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSvVX1000.exe
C:Program FilesMicrosoft Security Clientmsseces.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesPowerISOPWRISOVM.EXE
C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe
C:Program FilesD-LinkDWA-125 revAAirGCFG.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe
C:Program FilesPCPitstopInfo CenterInfoCenter.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe
C:Program FilesSpywareGuardsgmain.exe
C:Program FilesSpywareGuardsgbhp.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
uRun: [CTFMON.EXE] c:windowssystem32ctfmon.exe
uRun: [skype] "c:program filesskypephoneSkype.exe" /nosplash /minimized
uRunOnce: [shockwave Updater] c:windowssystem32adobeshockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"
mRun: [six Engine] "c:program filesasusepu-4 engineFourEngine.exe" -r
mRun: [LogMeIn GUI] "c:program fileslogmeinx86LogMeInSystray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LifeCam] "c:program filesmicrosoft lifecamLifeExp.exe"
mRun: [VX1000] c:windowsvVX1000.exe
mRun: [MSC] "c:program filesmicrosoft security clientmsseces.exe" -hide -runkey
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportAppleSyncNotifier.exe
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:program filespowerisoPWRISOVM.EXE -startup
mRun: [uVS10 Preload] c:program filesulead systemsulead videostudio se dvduvPL.exe
mRun: [WinDVR SchSvr] "c:program filescommon filesintervideoschsvrSchSvr.exe"
mRun: [D-Link D-Link DWA-125] c:program filesd-linkdwa-125 revaAirGCFG.exe
mRun: [WZCSLDR2] c:program filesd-linkdwa-125 revaWZCSLDR2.exe
mRun: [info Center] c:program filespcpitstopinfo centerInfoCenter.exe
dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE
dRun: [DWQueuedReporting] "c:progra~1common~1micros~1dwdwtrig20.exe" -t
StartupFolder: c:docume~1mamamenust~1progra~1opstar~1spywar~1.lnk - c:program filesspywareguardsgmain.exe
StartupFolder: c:docume~1alluse~1menust~1progra~1opstar~1interv~1.lnk - c:program filesintervideocommonbinWinCinemaMgr.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office12REFIEBAR.DLL
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces{4F52C767-993D-4BB5-AE28-5E54599325CC} : DhcpNameServer = 195.130.131.132 195.130.130.4
TCP: Interfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F} : DhcpNameServer = 195.130.130.4 195.130.131.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:program filesskypetoolbarsinternet explorerskypeieplugin.dll
Notify: !SASWinLogon - c:program filessuperantispywareSASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:program filesspywareguardspywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:program filessuperantispywareSASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:documents and settingsmamaapplication datamozillafirefoxprofileshefq8rku.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgoogleupdate1.3.21.79npGoogleUpdate3.dll
FF - plugin: c:program filesmicrosoft silverlight4.0.60831.0npctrlui.dll
FF - plugin: c:program filesmicrosoftoffice livenpOLW.dll
FF - plugin: c:program fileswindows livephoto galleryNPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:windowssystem32driversMpFilter.sys [2010-10-24 165648]
R1 MpKsl9b6688ef;MpKsl9b6688ef;c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}MpKsl9b6688ef.sys [2011-11-1 28752]
R1 SASDIFSV;SASDIFSV;c:program filessuperantispywareSASDIFSV.SYS [2009-5-14 12880]
R1 SASKUTIL;SASKUTIL;c:program filessuperantispywareSASKUTIL.SYS [2009-5-14 67664]
R2 !SASCORE;SAS Core Service;c:program filessuperantispywareSASCORE.EXE [2011-6-12 116608]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesemsisoft anti-malwarea2service.exe [2011-6-13 3045688]
R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [2011-10-30 29411]
R2 fssfltr;FssFltr;c:windowssystem32driversfssfltr_tdi.sys [2009-10-11 54752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:program fileslogmeinx86LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:program fileslogmeinx86rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:windowssystem32driversLMIRfsDriver.sys [2009-5-22 47640]
R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:windowssystem32driversDrt2870.sys [2011-10-30 779136]
S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{7262ea36-dceb-49b7-87ab-3885ae2c843c}mpksl2a03b60a.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{7262ea36-dceb-49b7-87ab-3885ae2c843c}MpKsl2a03b60a.sys [?]
S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{56bff251-6282-460b-b669-266224a92bb0}mpkslb124d8ed.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{56bff251-6282-460b-b669-266224a92bb0}MpKslb124d8ed.sys [?]
S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{70379d85-e50b-44ff-86e2-cfc904337769}mpksld0e9bdc2.sys --> c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{70379d85-e50b-44ff-86e2-cfc904337769}MpKsld0e9bdc2.sys [?]
S3 a2acc;a2acc;c:program filesemsisoft anti-malwarea2accx86.sys [2011-6-13 73728]
S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [2009-5-22 1691480]
S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesd-linkdwa-125 revaANIWZCSdS.exe [2011-10-30 126976]
S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesd-linkdwa-125 revaANIWConnService.exe [2011-10-30 40960]
S3 fsssvc;De service Windows Live Family Safety;c:program fileswindows livefamily safetyfsssvc.exe [2010-4-28 704872]
S3 gupdate;Google Updateservice (gupdate);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-22 135664]
S3 gupdatem;Google Update-service (gupdatem);c:program filesgoogleupdateGoogleUpdate.exe [2009-11-22 135664]
S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [2007-11-6 34064]
S3 npggsvc;nProtect GameGuard Service;c:windowssystem32gamemon.des -service --> c:windowssystem32GameMon.des -service [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filespcpitstopPCPitstopScheduleService.exe [2011-10-30 91816]
S3 SASENUM;SASENUM;c:program filessuperantispywareSASENUM.SYS [2009-5-14 12872]
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [2011-8-10 805632]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-11-01 08:44:42 28752 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}MpKsl9b6688ef.sys
2011-11-01 08:44:39 56200 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}offreg.dll
2011-10-30 20:44:37 388096 ----a-r- c:documents and settingsmamaapplication datamicrosoftinstaller{45a66726-69bc-466b-a7a4-12fcba4883d7}HiJackThis.exe
2011-10-30 20:44:36 -------- d-----w- c:program filesTrend Micro
2011-10-30 17:26:21 -------- d--h--r- c:documents and settingsmamaOnlangs geopend
2011-10-30 16:56:16 -------- d-----w- c:documents and settingsall usersapplication dataPCPitstopDat
2011-10-30 16:41:29 6668624 ----a-w- c:documents and settingsall usersapplication datamicrosoftmicrosoft antimalwaredefinition updates{fa7d8d51-0dc0-469c-aafb-2f442ee7cda1}mpengine.dll
2011-10-30 06:16:16 48640 ----a-w- c:windowssystem32ANPD64.SYS
2011-10-30 06:16:16 34008 ----a-w- c:windowssystem32ANPD.VXD
2011-10-30 06:16:16 315392 ----a-w- c:windowssystem32ANPDApi.dll
2011-10-30 06:16:16 29411 ----a-w- c:windowssystem32ANPD.SYS
2011-10-30 06:15:34 779136 ----a-w- c:windowssystem32driversDrt2870.sys
2011-10-30 06:15:33 221184 ----a-w- c:windowssystem32RaCoInst.dll
2011-10-30 06:15:32 -------- d-----w- c:program filesD-Link
2011-10-19 14:31:15 -------- d-----w- c:documents and settingsall usersapplication dataHEMA Fotoservice
2011-10-19 14:31:13 -------- d-----w- c:program filesHEMA Fotoservice
2011-10-13 17:56:57 -------- d-----w- c:documents and settingsall usersapplication datatmp
2011-10-13 17:56:56 -------- d-----w- c:documents and settingsall usersapplication datahps
2011-10-13 17:55:38 -------- d-----w- c:program filesbol.com
.
==================== Find3M ====================
.
2011-10-30 17:56:26 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl
2011-10-08 06:50:36 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll
2011-10-08 06:50:36 52096 ----a-w- c:windowssystem32spoolprtprocsw32x86LMIproc.dll
2011-10-08 06:50:35 87424 ----a-w- c:windowssystem32LMIinit.dll
2011-10-08 06:50:35 30592 ----a-w- c:windowssystem32LMIport.dll
2011-09-26 09:41:44 614912 ----a-w- c:windowssystem32uiautomationcore.dll
2011-09-26 09:41:44 23040 ----a-w- c:windowssystem32oleaccrc.dll
2011-09-26 09:41:20 220160 ----a-w- c:windowssystem32oleacc.dll
2011-09-09 09:12:05 602624 ----a-w- c:windowssystem32crypt32.dll
2011-09-06 14:09:57 1859072 ----a-w- c:windowssystem32win32k.sys
2011-08-22 23:41:22 916480 ----a-w- c:windowssystem32wininet.dll
2011-08-22 23:41:20 43520 ----a-w- c:windowssystem32licmgr10.dll
2011-08-22 23:41:20 1469440 ----a-w- c:windowssystem32inetcpl.cpl
2011-08-22 11:58:28 385024 ----a-w- c:windowssystem32html.iec
2011-08-17 13:49:54 138496 ----a-w- c:windowssystem32driversafd.sys
2011-08-13 12:00:22 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe
.
============= FINISH: 9:51:34,26 ===============

Attach-log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 22/05/2009 9:01:14
System Uptime: 1/11/2011 9:44:14 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QL PRO
Processor: Intel Pentium III Xeon-processor | LGA775 | 2997/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 31,241 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 128,687 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP867: 30/10/2011 21:44:35 - Installed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.1 - Nederlands Adobe Shockwave Player 11.5 AMCap Any Video Converter 3.1.1 Apple Application Support Apple Mobile Device Support Apple Software Update Applian Director Assassin's Creed ASUS nVidia Driver Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver µTorrent AviSynth 2.5 Beveiligingsupdate voor Microsoft Windows (KB2564958) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448) Beveiligingsupdate voor Windows Media Encoder (KB2447961) Beveiligingsupdate voor Windows XP (KB2536276-v2) Beveiligingsupdate voor Windows XP (KB2562937) Beveiligingsupdate voor Windows XP (KB2566454) Beveiligingsupdate voor Windows XP (KB2567053) Beveiligingsupdate voor Windows XP (KB2567680) Beveiligingsupdate voor Windows XP (KB2570222) Beveiligingsupdate voor Windows XP (KB2570947) Beveiligingsupdate voor Windows XP (KB2592799) Beveiligingsupdate voor Windows XP (KB923789) bol.com fotoservice Bonjour Call of Duty® - World at War Call of Duty® - World at War 1.2 Patch Call of Duty® - World at War 1.3 Patch Call of Duty® - World at War 1.4 Patch Call of Duty® 2 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer Canon MP495 series MP Drivers CCleaner Click to Call with Skype Conduit Engine D-Link DWA-125 DScaler 4.1.15 Emsisoft Anti-Malware 5.1 EPU-4 Engine Fraps Free Audio Dub version 1.7.7 Free Studio version 5.0.8 Free Video Dub version 1.8 Free Video to MP3 Converter version 4.1 Free YouTube Download 2.10 GoGear ARIA Device Manager Google Chrome Google Earth Google Update Helper HEMA Fotoservice HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) Hotfix voor Windows XP 
(KB2570791) HP-software voor foto- en beeldbewerking 2.0 - All-in-One HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 hp psc 1200 series Huffyuv AVI lossless video codec (Remove Only) ijji - Gunz ijji REACTOR Info Center 1.0.0.7 InterVideo WinDVR 3 iTunes Java 6 Update 16 Junk Mail filter update Lame ACM MP3 Codec LimeWire 5.1.3 LogMeIn Media Converter for Philips Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Dutch Language Pack Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Antimalware Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft LifeCam Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel Viewer Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Search Enhancement Pack 
Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (Dutch) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel Mozilla Firefox 4.0.1 (x86 nl) MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers NVIDIA PhysX OGA Notifier 2.0.0048.0 Paint.NET v3.5.8 PC Matic 1.1.0.44 PhotoScape PowerISO PSP Video 9 6 PunkBuster Services QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime Realtek High Definition Audio Driver RealUpgrade 1.1 Revo Uninstaller 1.92 Safari SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Segoe UI Skype™ 5.5 SMI Grabber Device Soldier Front Spybot - Search & Destroy SpywareBlaster 4.2 SpywareGuard v2.2 Steam Sudoku Beginner SUPERAntiSpyware Free Edition System Requirements Lab Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Ulead VideoStudio SE DVD Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Outlook 2007 Junk Email Filter (KB2596560) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Update voor Windows XP (KB2607712) Update voor Windows XP (KB2616676) Videora iPod touch Converter 6 WebFldrs XP Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 
1.0.0.36) Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621) Windows-stuurprogrammapakket - Realtek Semiconductor Corp. HD Audio Driver (12/25/2009 5.10.0.6013) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Toolbar Windows Live Writer Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinPcap 4.0.2 WinRAR Wolfenstein - Enemy Territory x264vfw - H.264/MPEG-4 AVC codec (remove only) Xfire (remove only) YouSendIt Express YouTube Downloader 2.5.3 YouTube Downloader App 3.00 . ==== End Of File =========================== Gmer-log GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-11-01 11:41:29 Windows 5.1.2600 Service Pack 3 Harddisk0DR0 -> DeviceIdeIdeDeviceP2T0L0-7 SAMSUNG_HD322HJ rev.1AG01113 Running: gmer.exe; Driver: C:DOCUME~1mamaLOCALS~1Temppxlcypog.sys ---- Kernel code sections - GMER 1.0.15 ---- .text C:WINDOWSsystem32DRIVERSnv4_mini.sys section is writeable [0xB73C5380, 0x550AF5, 0xE8000020] ? C:DOCUME~1mamaLOCALS~1Tempmbr.sys Het systeem kan het opgegeven bestand niet vinden. ! 
---- User code sections - GMER 1.0.15 ---- .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB44 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755397 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417552C9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 41755334 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4175519A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 417551FC C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 417553FA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3276] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 4175525E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 415854D5 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!SetWindowsHookExW 
7E3A820F 5 Bytes JMP 41659AD1 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4164D10D C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4165DB44 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 415C464E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 41755397 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 417552C9 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 41755334 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 4175519A C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 417551FC C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 417553FA C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 4175525E C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program 
FilesInternet Exploreriexplore.exe[3488] ole32.dll!CoCreateInstance 774BF1AC 5 Bytes JMP 4165DBA0 C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:Program FilesInternet Exploreriexplore.exe[3488] ole32.dll!OleLoadFromStream 774E981B 5 Bytes JMP 417556FF C:WINDOWSsystem32IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice DriverTcpip DeviceTcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation) AttachedDevice FileSystemFastfat Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Files - GMER 1.0.15 ---- File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1} 0 bytes File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}mpasbase.vdm 13884592 bytes executable File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}mpasdlta.vdm 868872 bytes executable File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}mpavbase.vdm 47947952 bytes executable File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}mpavdlta.vdm 1460232 bytes executable File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}mpengine.dll 6668624 bytes File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}MpKsl9b6688ef.sys 28752 bytes executable <-- ROOTKIT !!! 
File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}offreg.dll 56200 bytes executable File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareScansmpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.67 84844544 bytes File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareScansmpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.80 8318976 bytes File C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareScansmpcache-1F943C22AE6A0669A873060208DD33F2AD2A738C.bin.87 1052672 bytes ---- Services - GMER 1.0.15 ---- Service C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}MpKsl9b6688ef.sys [sYSTEM] MpKsl9b6688ef <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----
JonTom Posted November 2, 2011

Hello gagaman

Thank you for the logs.

P2P Programs:

P2P programs are a major source of Malware infections. From your log I see you have µTorrent and LimeWire 5.1.3. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections. The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them. If you wish to keep the program(s), please do not use them until your computer is cleaned. Information regarding the risk of using these programs can be found from here and here.

It is strongly recommended that you uninstall any P2P programs you have on your system. To do this, click on "Start" then on "Control Panel" and then on "Add or remove programs". A list of currently installed programs will be displayed. Find each program, click on it once and then click on the "Remove" button. If you are prompted to re-boot your computer to complete the uninstall please do so.

PLEASE NOTE: Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

Besides the toolbar issues you described, is the machine displaying any other noticeable symptoms (redirects, popups, error messages etc)?

Let's take a closer look at the following file:

Please scan the following files

Please go to VirusTotal
On the page you'll find a "Browse" button. Click on the Browse button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys

Next, click the Open button.
Then click the "Send File" button just below. This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now.
Once scanned, copy and paste the link to the results page in your next reply.

There are no toolbars showing in your DDS log but I can see some remnants of Babylon (it is set as your default browser search tool for Firefox). If you would like this removed let me know.

Please post the link to the VT scan page in your next reply then we'll continue
gagaman Posted November 2, 2011

Hi JonTom,

The computer belongs to a friend of mine. I think her kids installed that p2p and torrent software. I uninstalled it. I will pass your remarks about p2p over to them.

I did not find the file you mentioned above to be analyzed by virustotal. On that location I did find a file with the same extension: MpKslbcf0fce7.sys. So I uploaded that. Here is the link: http://www.virustota...5c6e-1320225890

And I wish to get rid of the remnants of Babylon

The pc is behaving quite well. No popups or errors showing up now.

thanks,
gagaman

Edited November 2, 2011 by gagaman
JonTom Posted November 2, 2011

Hello gagaman

"On that location I did find a file with the same extension: MpKslbcf0fce7.sys"

That's the same extension, but a different file. The file I wanted scanned was being flagged by GMER:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FA7D8D51-0DC0-469C-AAFB-2F442EE7CDA1}\MpKsl9b6688ef.sys [sYSTEM] MpKsl9b6688ef <-- ROOTKIT !!!

Did you paste it directly into VT as instructed? (It sounds as though you tried to locate it manually).

The file may very well be a false positive since it appears to be a malware definitions file for MSE, and also since you mention that the machine is not being redirected when browsing etc.

"And I wish to get rid of the remnants of Babylon"

Let's take care of it using OTL:

Download and run OTL by Oldtimer

Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
Close all open windows on your computer then double click on the OTL.exe icon to run the program.
Check the boxes beside "LOP Check" and "Purity Check".
Under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%PROGRAMFILES%\Internet Explorer\*.dat
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
iexplore.*
explorer.*
winlogon.*
dll
zx.dll
hlp.dat
/md5stop

Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
gagaman Posted November 3, 2011

"That's the same extension, but a different file. The file I wanted scanned was being flagged by GMER:"

"Did you paste it directly into VT as instructed? (It sounds as though you tried to locate it manually)."

Hello JonTom,

With copy/paste I got a message that the path to the file was wrong. Check the filename. After that I navigated manually to that map and did not find the file.

The requested logs:

OTL.Txt

OTL logfile created on: 3/11/2011 7:10:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 80,21% Memory free 5,09 Gb Paging File | 4,58 Gb Available in Paging File | 89,96% Paging File free Paging file location(s): C:pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files Drive C: | 146,48 Gb Total Space | 32,46 Gb Free Space | 22,16% Space Free | Partition Type: NTFS Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS Computer Name: FRANCINE | User Name: mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSASCORE.EXE PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:Program FilesEmsisoft Anti-Malwarea2service.exe PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86ramaint.exe PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LMIGuardianSvc.exe PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program FilesPCPitstopInfo CenterInfoCenter.exe PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:Program FilesPowerISOPWRISOVM.EXE PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeIn.exe PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:Program FilesD-LinkDWA-125 revAAirGCFG.exe PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) 
-- C:Program FilesLogMeInx86LogMeInSystray.exe PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX1000.exe PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) -- C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Modules (No Company Name) ========== MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSsystem32ANPDApi.dll MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:Program FilesD-LinkDWA-125 revAwlanapp.dll MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- 
C:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_nl_b77a5c561934e089mscorlib.resources.dll MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe MOD - [2008/04/15 09:07:34 | 000,053,248 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineAsSpindownTimeout.dll MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:WINDOWSsystem32AsIO.dll MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:Program FilesASUSEPU-4 Enginepngio.dll MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe MOD - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:Program FilesSpywareGuardspywareguard.dll MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Win32 Services (SafeList) ========== SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:Program FilesSUPERAntiSpywareSASCORE.EXE -- (!SASCORE) SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware) SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86RaMaint.exe -- (LMIMaint) SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc) SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) 
[Auto | Running] -- C:Program FilesLogMeInx86LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon) SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWZCSdS.exe -- (D_Link_DWA-125) SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWConnService.exe -- (D_Link_DWA-125_WPS) SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:WINDOWSSystem32GameMon.des -- (npggsvc) SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:Program FilesWinPcaprpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc) SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) 
[On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:WINDOWSsystem32HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011/11/03 06:59:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{01BAA76E-C68A-4F4A-9B66-DF535EDC036E}MpKsl4db32db8.sys -- (MpKsl4db32db8) DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL) DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS -- (SASDIFSV) DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32ANPD.SYS -- (ANPD) DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:WINDOWSSystem32LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) 
[Kernel | System | Running] -- C:WINDOWSSystem32driversscdemu.sys -- (SCDEmu) DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSUPERAntiSpywareSASENUM.SYS -- (SASENUM) DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc) DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversSmiUsbGrabber3C.sys -- (SMIGrabber3C) DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMonfilt.sys -- (Monfilt) DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAmbfilt.sys -- (Ambfilt) DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:WINDOWSSystem32driversStarOpen.sys -- (StarOpen) DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversDrt2870.sys -- (rt2870) DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversfssfltr_tdi.sys -- (fssfltr) DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversl1e51x86.sys -- (L1e) DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:Program FilesLogMeInx86rainfo.sys -- (LMIInfo) DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:WINDOWSsystem32driversLMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnmnt.sys -- (nm) DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMPE.sys -- (MPE) DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAsIO.sys -- (AsIO) DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnpf.sys -- (NPF) DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdm.sys -- (ssm_mdm) DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdfl.sys -- (ssm_mdfl) DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversVX1000.sys -- (VX1000) DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAPLMp50.sys -- (APLMp50) DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesDScalerDSDrv4.sys -- (DSDrv4) DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32npptNT2.sys -- (NPPTNT2) DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversASACPI.sys -- (MTsensor) DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.be/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = nl-be IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data] IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=" FF - [email protected]/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll () FF - [email protected]/ShockwavePlayer: 
C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.) FF - [email protected]/iTunes,version=: File not found FF - [email protected]/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll () FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - [email protected]/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation) FF - [email protected]/OfficeLive,version=1.3: C:Program FilesMicrosoftOffice LivenpOLW.dll (Microsoft Corp.) FF - [email protected]/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - [email protected]/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation) FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011/10/30 16:01:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaExtensions [2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaFirefoxProfileshefq8rku.defaultextensions [2011/06/12 20:55:40 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions [2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/05/22 09:53:49 | 000,000,000 | ---D | M] (QuestScan) -- C:Program FilesMozilla Firefoxextensions{F0E1168A-B4B5-484C-B77E-0D28E6B64096} [2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF [2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION [2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml [2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml [2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml [2010/01/01 09:00:00 | 000,001,111 | ---- | M] 
() -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml [2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll 
UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:Program 
FilesiTunesMozilla Pluginsnpitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0 CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0 O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 acezip.net #[siteAdvisor.acezip.net] O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] O1 - Hosts: 127.0.0.1 phpadsnew.abac.com O1 - Hosts: 127.0.0.1 a.abnad.net O1 - Hosts: 127.0.0.1 b.abnad.net O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] O1 - Hosts: 127.0.0.1 d.abnad.net O1 - Hosts: 127.0.0.1 e.abnad.net O1 - Hosts: 127.0.0.1 t.abnad.net O1 - Hosts: 127.0.0.1 z.abnad.net O1 - Hosts: 127.0.0.1 banners.absolpublisher.com O1 - Hosts: 127.0.0.1 tracking.absolstats.com O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 gtb5.acecounter.com O1 - Hosts: 127.0.0.1 gtb19.acecounter.com O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie] O1 - Hosts: 16309 more lines... O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.) 
O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC) O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation) O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe () O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.) O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation) O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.) O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service) O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe () O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) 
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class) O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4 O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation) O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.) 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend [2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW [2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW [2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer [2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer [2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis [2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- 
C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop [2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC [2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads [2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link [2011/10/30 07:15:34 | 000,779,136 | ---- | C] (Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys [2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll [2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link [2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice [2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice [2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp [2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps [2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice [2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] [1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/03 07:06:33 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/03 07:06:24 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/03 07:06:01 | 000,002,206 | ---- | M] () -- 
C:WINDOWSSystem32wpa.dbl [2011/11/03 07:06:00 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job [2011/11/03 07:05:59 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/11/03 07:05:59 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/03 07:05:59 | 000,000,276 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/11/03 07:04:41 | 000,000,424 | -H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job [2011/11/03 07:03:42 | 000,706,232 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat [2011/11/03 07:03:42 | 000,607,070 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat [2011/11/03 07:03:42 | 000,185,908 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat [2011/11/03 07:03:42 | 000,143,122 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat [2011/11/03 07:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job [2011/11/03 06:59:29 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat [2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl [2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- 
C:Documents and SettingsAll UsersBureaubladSafari.lnk [2011/10/30 18:25:42 | 000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk [2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk [2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat [2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url [2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk [2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
-- C:WINDOWSSystem32LMIRfsClientNP.dll [2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll [2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] [1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:16:16 | 000,315,392 | ---- | C] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- 
C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat [2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll [2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll [2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll [2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll [2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe [2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini [2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll [2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll [2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc [2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini [2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat [2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat [2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll [2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat [2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- C:WINDOWSSystem32ezsidmv.dat [2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini [2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- 
C:WINDOWSSystem32nvdata.bin [2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll [2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe [2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat [2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys [2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe [2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe [2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe [2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI [2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll [2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt [2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys [2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat [2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat [2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI [2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT [2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat [2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll [2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys [2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp64.sys [2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys [2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- 
C:WINDOWSAscd_log.ini [2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys [2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini [2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS [2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat [2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat [2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll [2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe [2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll [2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe [2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll [2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll [2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe [2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelJapanese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:WINDOWSSystem32AgCPanelFrench.dll [2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll [2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin [2004/08/04 13:00:00 | 000,706,232 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat [2004/08/04 13:00:00 | 000,607,070 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat [2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat [2004/08/04 13:00:00 | 000,185,908 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat [2004/08/04 13:00:00 | 000,143,122 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin [2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys ========== LOP Check ========== [2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119 [2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataActivision [2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess [2011/08/10 19:26:46 | 000,000,000 | -H-D | 
M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ [2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files [2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO [2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure [2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo [2011/11/03 06:59:36 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn [2011/11/03 07:06:22 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop [2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP [2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp [2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft [2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems [2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/08 09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision [2011/04/12 21:32:42 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication 
DataBabylonToolbar [2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi [2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft [2011/06/12 20:49:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataPriceGong [2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems [2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job [2011/11/03 07:04:41 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* > [2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT [2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini [2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin [2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS [2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log [2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml [2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log [2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat [2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif [2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM [2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr [2011/11/03 06:59:24 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys [2009/05/22 08:07:45 | 000,001,589 | ---- | M] () -- C:RHDSetup.log < %systemroot%Fonts*.com > [2006/04/18 14:39:28 | 
000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont < %systemroot%Fonts*.dll > < %systemroot%Fonts*.ini > [2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini < %systemroot%Fonts*.ini2 > < %systemroot%Fonts*.exe > < %systemroot%system32spoolprtprocsw32x86*.* > [2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL [2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll [2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe < %systemroot%REPAIR*.bak1 > < %systemroot%REPAIR*.ini > < %systemroot%system32*.jpg > < %systemroot%*.jpg > < %systemroot%*.png > < %systemroot%*.scr > [2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR [1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ] < %systemroot%*._sy > < %APPDATA%AdobeUpdate*.* > < %ALLUSERSPROFILE%Favorites*.* > < %APPDATA%Microsoft*.* > < %PROGRAMFILES%*.* > < %APPDATA%Update*.* > < %systemroot%*. 
/mp /s > < %systemroot%System32config*.sav > [2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav [2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav [2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav < %PROGRAMFILES%bak. /s > < %systemroot%system32bak. /s > < %ALLUSERSPROFILE%Start Menu*.lîk /x > < %systemroot%system32configsystemprofile*.dat /x > < %systemroot%*.config > < %systemroot%system32*.db > < %PROGRAMFILES%Internet Explorer*.dat > < %APPDATA%MikzosoftInternet ExplorerQuick Launch*.lnk /x > < %USERPROFILE%Deskuop*.exe > < %PROGRAMFILES%Common Files*.* > < %systemroot%*.src > [2007/04/10 22:46:53 | 000,013,023 | ---- | M] () -- C:WINDOWSVX1000.src [1 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ] < %systemroot%install*.* > < %systemroot%system32DLL*.* > < %systemroot%system32HelpFiles*.* > < %systemroot%system32rundll*.* > < %systemroot%winn32*.* > < %systemroot%Java*.* > < %systemroot%system32test*.* > < %systemroot%system32Rundll32*.* > < HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU > < HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|LastSuccessTime /rs > HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstallLastSuccessTime: 2011-10-14 06:01:59 < MD5 for: EXPLORER.EXE > [2004/08/04 13:00:00 | 001,035,776 | ---- | M] (Microsoft Corporation) MD5=A1D7304A87FC3093150F5E3CC7B0F338 -- C:WINDOWS$NtServicePackUninstall$explorer.exe [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:WINDOWSexplorer.exe [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=AA04F042A820BF1868E643575887E1A6 -- C:WINDOWSServicePackFilesi386explorer.exe < MD5 for: EXPLORER.EXE-082F38A9.PF > [2011/11/03 07:06:16 | 000,133,228 | ---- | M] () MD5=EF2588AEAF4EB23E279B74BF9CFAF701 -- 
C:WINDOWSPrefetchEXPLORER.EXE-082F38A9.pf < MD5 for: EXPLORER.SCF > [2004/08/04 13:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:WINDOWSexplorer.scf < MD5 for: IEXPLORE.CHM > [2009/02/26 02:51:16 | 000,579,272 | ---- | M] () MD5=63E0C6D9070736AAAD95791A8C028E86 -- C:WINDOWSHelpiexplore.chm [2004/08/04 13:00:00 | 000,226,342 | ---- | M] () MD5=8CBC2453EBF6EE5AC54027A9F8CB0D42 -- C:WINDOWSie8iexplore.chm < MD5 for: IEXPLORE.EXE > [2008/04/14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=164B6F619C579FAD4E548ACC654FF710 -- C:WINDOWSie8iexplore.exe [2008/04/14 18:03:01 | 000,093,184 | ---- | M] (Microsoft Corporation
gagaman Posted November 3, 2011
Extra.TXT OTL Extras logfile created on: 3/11/2011 7:10:37 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 80,21% Memory free 5,09 Gb Paging File | 4,58 Gb Available in Paging File | 89,96% Paging File free Paging file location(s): C:pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files Drive C: | 146,48 Gb Total Space | 32,46 Gb Free Space | 22,16% Space Free | Partition Type: NTFS Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS Computer Name: FRANCINE | User Name: mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_CURRENT_USERSOFTWAREClasses<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [bol.com fotoservice] -- "C:Program Filesbol.combol.com fotoservicebol.com fotoservice.exe" "%1" Directory [CEWE Fotoshow] -- "C:Program Filesbol.combol.com fotoserviceCEWE Fotoshow.exe" -d "%1" () Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity 
CenterMonitoringZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr] "Start" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileGloballyOpenPortsList] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1620:UDP" = 1620:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe) "1621:UDP" = 1621:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe) "1624:UDP" = 1624:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe) ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList] "C:Program FilesBearShare ApplicationsBearShareBearShare.exe" = C:Program FilesBearShare ApplicationsBearShareBearShare.exe:*:Enabled:BearShare 
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList] "C:Program FilesAVGAVG8avgemc.exe" = C:Program FilesAVGAVG8avgemc.exe:*:Enabled:avgemc.exe "C:Program FilesAVGAVG8avgupd.exe" = C:Program FilesAVGAVG8avgupd.exe:*:Enabled:avgupd.exe "C:Program FilesAVGAVG8avgnsx.exe" = C:Program FilesAVGAVG8avgnsx.exe:*:Enabled:avgnsx.exe "C:WINDOWSDownloaded Program FilesPurpleBean.exe" = C:WINDOWSDownloaded Program FilesPurpleBean.exe:*:Enabled:PurpleBean.exe -- () "C:ijjiENGLISHu_sfsoldierfront.exe" = C:ijjiENGLISHu_sfsoldierfront.exe:*:Disabled:soldierfront -- () "C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft) "C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft) "C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe" = C:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft) "C:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe" = C:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe:*:Enabled:Call of Duty® - World at War -- (Activision Blizzard, Inc.) "C:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe" = C:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe:*:Enabled:Call of Duty® - World at War -- (Activision Blizzard, Inc.) 
"C:WINDOWSDownloaded Program FilesijjiOptimizer.exe" = C:WINDOWSDownloaded Program FilesijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- () "C:Program FilesMicrosoft LifeCamLifeCam.exe" = C:Program FilesMicrosoft LifeCamLifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation) "C:Program FilesMicrosoft LifeCamLifeExp.exe" = C:Program FilesMicrosoft LifeCamLifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation) "C:Program FilesSkypePlugin ManagerskypePM.exe" = C:Program FilesSkypePlugin ManagerskypePM.exe:*:Enabled:Skype Extras Manager "C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe" = C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe" = C:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "C:Program FilesGoogleGoogle Earthclientgoogleearth.exe" = C:Program FilesGoogleGoogle Earthclientgoogleearth.exe:*:Enabled:Google Earth -- (Google) "C:Program FilesWolfenstein - Enemy TerritoryET.exe" = C:Program FilesWolfenstein - Enemy TerritoryET.exe:*:Enabled:ET -- () "C:Program FilesBearShare ApplicationsBearShareBearShare.exe" = C:Program FilesBearShare ApplicationsBearShareBearShare.exe:*:Enabled:BearShare "C:Program FilesSafariSafari.exe" = C:Program FilesSafariSafari.exe:*:Enabled:Safari -- (Apple Inc.) 
"C:Program FilesActivisionCall of Duty 2CoD2MP_s.exe" = C:Program FilesActivisionCall of Duty 2CoD2MP_s.exe:*:Enabled:CoD2MP_s -- () "C:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe" = C:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware "{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld "{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers "{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch "{168F8BAC-A269-48E9-BB7A-A51B594CF6FF}" = Microsoft .NET Framework 1.1 Dutch Language Pack "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3 "{1BD6AE96-4742-4498-9D03-9451C7E5A214}" = Windows Live aanmeldhulp "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live - Hulpprogramma voor uploaden "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 16 "{2869F5EA-93C3-48E5-80DF-DB696BC84A91}" = Windows Live Mail "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch "{2C86B1A6-B82C-4C3F-B6E8-C00C20D512A1}" = Sudoku Beginner "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C9413-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CA031C-D3CD-4A28-8D9B-C71466C4F045}" = Windows Live Writer "{41DFDD57-21B7-4C48-8C75-FFB35696CA8B}" 
= Windows Live Toolbar "{43B0D334-9A1B-4257-9E51-D3813BD8B9D0}" = GoGear ARIA Device Manager "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client NL-NL Language Pack "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists "{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6BF4613C-0A46-43AA-8FA8-0CB9F2C1A548}" = InterVideo WinDVR 3 "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma "{6FEC9863-5EF2-4A07-9D0B-CA81B47E3F59}" = Windows Live Photo Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes "{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}" = Soldier Front "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine "{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD "{90120000-0010-0413-0000-0000000FF1CE}" = 
Microsoft Software Update for Web Folders (Dutch) 12 "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007 "{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007 "{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007 "{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "{95120000-003F-0413-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP-software voor 
foto- en beeldbewerking 2.0 - All-in-One "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A1027CE-83F6-3CB2-B9BA-9DA38D0907D0}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.09.16 "{AC76BA86-7AD7-1043-7B44-A91000000001}" = Adobe Reader 9.1 - Nederlands "{B03B98E3-2795-48F6-BA33-793BBF5DF685}" = SMI Grabber Device "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C06B9160-52A1-4453-B7BC-206EFB0C7F3A}" = Samsung PC Studio 3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C20C2630-B3A7-44BA-BDD0-31E256AE490E}" = Windows Live Call "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 
series "{CAEB2BE8-EF9E-4BFE-8165-3B54B62AF6CF}" = Windows Live Family Safety "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC38A00D-7EED-46CE-9281-D1D97B81F22A}" = Windows Live Messenger "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2 "{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E34F703A-1C9D-4B1F-ABBE-D7E8800B860D}" = Windows Live Sync "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips "{EB5A3E9D-91CF-4C97-B816-72DE0625ACA3}" = Windows Live Essentials "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F73EA8BF-81F5-32AF-8D8A-24F12FD23B79}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD "{F8EDC0F8-15BC-4411-8762-77105C8AAEEC}" = Microsoft Antimalware Service NL-NL Language Pack "5D26283FF35ECB8C8F1198F7E3C1F10046EC11A4" = Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621) "68B5B659620BA71C88432828271F056F69D0C6DE" = Windows-stuurprogrammapakket - Realtek Semiconductor Corp. 
HD Audio Driver (12/25/2009 5.10.0.6013) "6E5E9FF67691504D438CA4136E168A96A4E4FFC0" = Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 1.0.0.36) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AMCap" = AMCap "Any Video Converter_is1" = Any Video Converter 3.1.1 "Applian Director2.1" = Applian Director "AviSynth" = AviSynth 2.5 "bol.com fotoservice" = bol.com fotoservice "CCleaner" = CCleaner "conduitEngine" = Conduit Engine "DScaler 4.1.15_is1" = DScaler 4.1.15 "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free Audio Dub_is1" = Free Audio Dub version 1.7.7 "Free Studio_is1" = Free Studio version 5.0.8 "Free Video Dub_is1" = Free Video Dub version 1.8 "Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.1 "Free YouTube Download_is1" = Free YouTube Download 2.10 "Google Chrome" = Google Chrome "Gunz" = ijji - Gunz "HEMA Fotoservice_is1" = HEMA Fotoservice "HP PSC 1200 Series" = HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 "HUFFYUV" = Huffyuv AVI lossless video codec (Remove Only) "ie8" = Windows Internet Explorer 8 "Info Center_is1" = Info Center 1.0.0.7 "InstallShield_{1193600A-134F-40F9-9F71-FEF54C93C629}" = YouSendIt Express "InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty® - World at War 1.3 Patch "InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War 1.2 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare 1.7 Patch "InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War 1.4 Patch "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty® 2 "InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty® - World at War "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - 
Modern Warfare "LameACM" = Lame ACM MP3 Codec "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 4.0.1 (x86 nl)" = Mozilla Firefox 4.0.1 (x86 nl) "NVIDIA Drivers" = NVIDIA Drivers "PC Matic_is1" = PC Matic 1.1.0.44 "PhotoScape" = PhotoScape "PowerISO" = PowerISO "PSP Video 9" = PSP Video 9 6 "PunkBusterSvc" = PunkBuster Services "Revo Uninstaller" = Revo Uninstaller 1.92 "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SpywareBlaster_is1" = SpywareBlaster 4.2 "SpywareGuard_is1" = SpywareGuard v2.2 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "Videora iPod touch Converter" = Videora iPod touch Converter 6 "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only) "Xfire" = Xfire (remove only) "YouTube Downloader App" = YouTube Downloader App 3.00 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionUninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] 
Error - 1/11/2011 4:48:49 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011 Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error - 2/11/2011 5:25:38 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011 Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. Error - 2/11/2011 9:14:17 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. 
Error - 2/11/2011 9:14:18 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error - 2/11/2011 9:14:18 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011 Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3012 Description = De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error - 3/11/2011 2:03:39 | Computer Name = FRANCINE | Source = LoadPerf | ID = 3011 Description = Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. 
[ OSession Events ] Error - 2/06/2009 15:19:05 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/06/2009 15:19:33 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 2/06/2009 15:19:55 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14 seconds with 0 seconds of active time. This session ended with a crash. Error - 13/07/2009 5:40:04 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 13/07/2009 5:40:10 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended with a crash. Error - 6/04/2011 11:12:26 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/06/2011 12:49:47 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/06/2011 16:16:19 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 3/06/2011 16:16:30 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 1/09/2011 13:58:16 | Computer Name = FRANCINE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2069 seconds with 1320 seconds of active time. This session ended with a crash. 
[ System Events ] Error - 30/10/2011 11:00:59 | Computer Name = FRANCINE | Source = DCOM | ID = 10005 Description = DCOM kreeg foutmelding '%1084' bij het starten van de MSIServer-service met de argumenten '' om de server {000C101C-0000-0000-C000-000000000046} te starten Error - 30/10/2011 11:01:12 | Computer Name = FRANCINE | Source = DCOM | ID = 10005 Description = DCOM kreeg foutmelding '%1084' bij het starten van de MSIServer-service met de argumenten '' om de server {000C101C-0000-0000-C000-000000000046} te starten Error - 30/10/2011 11:02:51 | Computer Name = FRANCINE | Source = DCOM | ID = 10005 Description = DCOM kreeg foutmelding '%1084' bij het starten van de wuauserv-service met de argumenten '' om de server {E60687F7-01A1-40AA-86AC-DB1CBF673334} te starten Error - 30/10/2011 11:16:56 | Computer Name = FRANCINE | Source = DCOM | ID = 10005 Description = DCOM kreeg foutmelding '%1084' bij het starten van de EventSystem-service met de argumenten '' om de server {1BE1F766-5536-11D1-B726-00C04FB926AF} te starten Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. 
Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. Error - 30/10/2011 12:21:01 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%853 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. 
Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%854 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. Error - 30/10/2011 12:23:09 | Computer Name = FRANCINE | Source = Microsoft Antimalware | ID = 2001 Description = %%860 heeft een fout aangetroffen bij het bijwerken van handtekeningen. Nieuwe handtekeningversie: Vorige handtekeningversie: 1.115.893.0 Updatebron: %%859 Updatefase: %%853 Bronpad: http://www.microsoft.com Handtekeningtype: %%800 Updatetype: %%803 Gebruiker: NT AUTHORITYSYSTEM Huidige engineversie: Vorige engineversie: 1.1.7801.0 Foutcode: 0x80240016 Foutbeschrijving: Er is tijdens het zoeken naar updates een onverwacht probleem opgetreden. Raadpleeg Help en ondersteuning voor meer informatie over het installeren van updates en het oplossen van problemen. < End of report >
JonTom Posted November 3, 2011

Hello gagaman

After that I navigated manually to that map and did not find the file

Thank you for letting me know

Let's proceed as follows:

Please open OTL

Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box located at the bottom of OTL.

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...search&AF=17243"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylo...rtrp&AF=17243="
[2011/04/12 21:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\BabylonToolbar
[2011/06/12 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\PriceGong

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
Allow the program to run unhindered.
Your machine will re-start itself. This is normal.
A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Please perform the following scan:

Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.
Double click on the mbam-setup.exe icon to install the program.
Follow the prompts during installation and have the Installation Wizard create a desktop icon.
Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates". The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.

Please update your Java

To update your Java, Click on "Start" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
In the window that opens, click on the "Update" tab, and then on "Update Now".
Your Java should begin to update. Please follow any prompts that you receive.

Please run the following scan

Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.

Scan your system with Eset Online Scanner
Place a check mark in the box YES, I accept the Terms Of Use.
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Make sure that the option to "Remove Found Threats" is UN checked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Please post the OTL log, the MBAM log and the ESET log in your next reply
gagaman Posted November 3, 2011 (edited)

Hello JonTom,

Thanks for the reply. I followed your instructions. Had some problems with the esetscanner... I could not find the button. So could not create a log. I did make a screenshot of the results. Will post it below. Java is updated.

OTL-Log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylo.....rtrp&AF=17243=" removed from keyword.URL
C:\Documents and Settings\mama\Application Data\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Documents and Settings\mama\Application Data\PriceGong\Data folder moved successfully.
C:\Documents and Settings\mama\Application Data\PriceGong folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 114688 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 419 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mama
->Temp folder emptied: 765948 bytes
->Temporary Internet Files folder emptied: 13560635 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45340284 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 702 bytes

User: NetworkService
->Temp folder emptied: 6876 bytes
->Temporary Internet Files folder emptied: 857748 bytes

User: Nienke

User: Thomas
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21861 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 147094295 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 198,00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: mama
->Flash cache emptied: 0 bytes

User: NetworkService

User: Nienke

User: Thomas

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11032011_143122

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes antimalware-log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8075

Windows 5.1.2600 Service Pack 3
Internet Explorer Unknown

3/11/2011 14:41:01
mbam-log-2011-11-03 (14-41-01).txt

Scan type: Quick scan
Objects scanned: 227763
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Thomas\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Thomas\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\Thomas\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

Eset-log

Edited November 3, 2011 by gagaman
JonTom Posted November 3, 2011

Hello gagaman

Thank you for the logs. OTL took care of the Babylon leftovers and MBAM detected and removed some additional adware. ESET looks good

How is the machine running now?

Please scan the machine once more with DDS and post the logs in your next reply
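A post-fix check for the five Firefox preferences named in the OTL fix above, as an added example that is not part of the original thread or of OTL: it parses prefs.js and flags search preferences whose engine name or URL host is not on an allowlist. The allowlists, the function names and both sample files are assumptions constructed for illustration; the second sample mirrors the prefs.js values that the DDS log posted later in this thread still lists.

```python
import json
import re
from urllib.parse import urlsplit

# Preference keys named in the OTL fix posted in this thread.
WATCHED_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# Assumptions for this example: what the machine's owner accepts as legitimate.
ALLOWED_HOSTS = {"www.google.be", "www.google.com"}
ALLOWED_ENGINE_NAMES = {"Google"}

# prefs.js holds one preference per line: user_pref("name", value);
USER_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*("(?:[^"\\]|\\.)*")\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {name: value} for every well-formed user_pref() line."""
    prefs = {}
    for line in text.splitlines():
        match = USER_PREF_RE.match(line)
        if not match:
            continue  # comments, blank lines, anything malformed
        try:
            name = json.loads(match.group(1))
            value = json.loads(match.group(2))  # string, number, true/false
        except ValueError:
            continue  # not a plain literal: skip rather than guess
        prefs[name] = value
    return prefs


def audit_search_prefs(prefs):
    """Return [(name, value, reason)] for watched prefs that look hijacked."""
    findings = []
    for name in WATCHED_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or not value.strip():
            continue  # unset or blank: Firefox falls back to its default
        parts = urlsplit(value)
        if parts.scheme in ("http", "https"):
            host = (parts.hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                findings.append((name, value, "URL host not allowed: " + host))
        elif value not in ALLOWED_ENGINE_NAMES:
            findings.append((name, value, "engine name not allowed"))
    return findings


# Constructed sample: a prefs.js carrying the values named in this thread.
# The URLs are the ones the DDS log prints (there with hxxp instead of http).
SAMPLE_BEFORE = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=");
user_pref("browser.tabs.warnOnClose", false);
'''

# Constructed sample: the state the later DDS log reports (two URL prefs still
# set, selectedEngine blank).
SAMPLE_AFTER = r'''
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243");
user_pref("browser.search.selectedEngine", "");
user_pref("keyword.URL", "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=");
'''

if __name__ == "__main__":
    for label, text in (("before fix", SAMPLE_BEFORE), ("after fix", SAMPLE_AFTER)):
        print(label)
        for name, value, reason in audit_search_prefs(parse_prefs(text)):
            print("  %-34s %s" % (name, reason))
```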
gagaman Posted November 3, 2011

The computer is running much better now. It's a little slow at startup, but I will check the services that load at startup and disable the ones that are not necessary. Will do this after you declared this machine clean

Here are the dds logs:

DDS-log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: BrowserJavaVersion: 1.6.0_29
Run by mama at 22:02:10 on 2011-11-03
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2655 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\vVX1000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRunOnce: [shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php"
mRun: [six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [uVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [WinDVR SchSvr] "c:\program files\common files\intervideo\schsvr\SchSvr.exe"
mRun: [D-Link D-Link DWA-125] c:\program files\d-link\dwa-125 reva\AirGCFG.exe
mRun: [WZCSLDR2] c:\program files\d-link\dwa-125 reva\WZCSLDR2.exe
mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mama\menust~1\progra~1\opstar~1\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{4F52C767-993D-4BB5-AE28-5E54599325CC} : DhcpNameServer = 195.130.131.132 195.130.130.4
TCP: Interfaces\{57CC1820-8280-407F-8BB2-EB8E5714DF5F} : DhcpNameServer = 195.130.130.4 195.130.131.4
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mama\application data\mozilla\firefox\profiles\hefq8rku.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl14b6f6d3;MpKsl14b6f6d3;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}\MpKsl14b6f6d3.sys [2011-11-3 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-14 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-6-12 116608]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-6-13 3045688]
R2 ANPD;ANPD Service;c:\windows\system32\ANPD.SYS [2011-10-30 29411]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-10-11 54752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-5-22 47640]
R3 rt2870;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Drt2870.sys [2011-10-30 779136]
S1 MpKsl2a03b60a;MpKsl2a03b60a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7262ea36-dceb-49b7-87ab-3885ae2c843c}\mpksl2a03b60a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7262ea36-dceb-49b7-87ab-3885ae2c843c}\MpKsl2a03b60a.sys [?]
S1 MpKslb124d8ed;MpKslb124d8ed;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bff251-6282-460b-b669-266224a92bb0}\mpkslb124d8ed.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{56bff251-6282-460b-b669-266224a92bb0}\MpKslb124d8ed.sys [?]
S1 MpKsld0e9bdc2;MpKsld0e9bdc2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70379d85-e50b-44ff-86e2-cfc904337769}\mpksld0e9bdc2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70379d85-e50b-44ff-86e2-cfc904337769}\MpKsld0e9bdc2.sys [?]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-6-13 73728]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-5-22 1691480]
S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:\program files\d-link\dwa-125 reva\ANIWZCSdS.exe [2011-10-30 126976]
S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:\program files\d-link\dwa-125 reva\ANIWConnService.exe [2011-10-30 40960]
S3 fsssvc;De service Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdate;Google Updateservice (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-22 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-10-30 91816]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 12872]
S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:\windows\system32\drivers\SmiUsbGrabber3C.sys [2011-8-10 805632]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-11-03 21:01:53 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}\MpKsl14b6f6d3.sys
2011-11-03 21:01:50 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}\offreg.dll
2011-11-03 21:01:40 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{dd6b984f-b158-4aa3-8647-5ac4c6bf47da}\mpengine.dll
2011-11-03 13:48:47 -------- d-----w- c:\program files\ESET
2011-11-03 13:46:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-03 13:36:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-03 13:36:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-03 13:31:22 -------- d-----w- C:\_OTL
2011-11-02 10:25:29 -------- d--h--r- c:\documents and settings\mama\Onlangs geopend
2011-11-01 11:01:21 -------- d-----w- c:\program files\SIW
2011-10-30 20:44:37 388096 ----a-r- c:\documents and settings\mama\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-10-30 20:44:36 -------- d-----w- c:\program files\Trend Micro
2011-10-30 16:56:16 -------- d-----w- c:\documents and settings\all users\application data\PCPitstopDat
2011-10-30 06:16:16 48640 ----a-w- c:\windows\system32\ANPD64.SYS
2011-10-30 06:16:16 34008 ----a-w- c:\windows\system32\ANPD.VXD
2011-10-30 06:16:16 315392 ----a-w- c:\windows\system32\ANPDApi.dll
2011-10-30 06:16:16 29411 ----a-w- c:\windows\system32\ANPD.SYS
2011-10-30 06:15:34 779136 ----a-w- c:\windows\system32\drivers\Drt2870.sys
2011-10-30 06:15:33 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2011-10-30 06:15:32 -------- d-----w- c:\program files\D-Link
2011-10-19 14:31:15 -------- d-----w- c:\documents and settings\all users\application data\HEMA Fotoservice
2011-10-19 14:31:13 -------- d-----w- c:\program files\HEMA Fotoservice
2011-10-13 17:56:57 -------- d-----w- c:\documents and settings\all users\application data\tmp
2011-10-13 17:56:56 -------- d-----w- c:\documents and settings\all users\application data\hps
2011-10-13 17:55:38 -------- d-----w- c:\program files\bol.com
.
==================== Find3M ====================
.
2011-11-02 13:11:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-08 06:50:36 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-08 06:50:36 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-08 06:50:35 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-08 06:50:35 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-03 01:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-26 09:41:44 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41:44 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-09 09:12:05 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:09:57 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:41:22 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41:20 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58:28 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-13 12:00:22 61244 ----a-w- c:\windows\system32\x264vfw-uninstall.exe
.
============= FINISH: 22:03:20,48 ===============

Attach-log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 22/05/2009 9:01:14
System Uptime: 3/11/2011 21:59:57 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QL PRO
Processor: Intel Pentium III Xeon-processor | LGA775 | 2997/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 32,311 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 141,391 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP867: 30/10/2011 21:44:35 - Installed HiJackThis
RP868: 1/11/2011 9:55:20 - Software Distribution Service 3.0
RP869: 2/11/2011 10:23:05 - Revo Uninstaller's restore point - µTorrent
RP870: 2/11/2011 10:24:10 - Revo Uninstaller's restore point - LimeWire 5.1.3
RP871: 2/11/2011 10:31:54 - Software Distribution Service 3.0
RP872: 3/11/2011 7:11:53 - OTL Restore Point - 3/11/2011 7:11:49
RP873: 3/11/2011 14:45:51 - Installed Java 6 Update 29
RP874: 3/11/2011 14:53:44 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.1 - Nederlands Adobe Shockwave Player 11.5 AMCap Any Video Converter 3.1.1 Apple Application Support Apple Mobile Device Support Apple Software Update Applian Director Assassin's Creed ASUS nVidia Driver Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver AviSynth 2.5 Beveiligingsupdate voor Microsoft Windows (KB2564958) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2559049) Beveiligingsupdate voor Windows Internet Explorer 8 (KB2586448) Beveiligingsupdate voor Windows Media Encoder (KB2447961) Beveiligingsupdate voor Windows XP (KB2536276-v2) Beveiligingsupdate voor Windows XP (KB2562937) Beveiligingsupdate voor Windows XP (KB2566454) Beveiligingsupdate voor Windows XP (KB2567053) Beveiligingsupdate voor Windows XP (KB2567680) Beveiligingsupdate voor Windows XP (KB2570222) Beveiligingsupdate voor Windows XP (KB2570947) Beveiligingsupdate voor Windows XP (KB2592799) Beveiligingsupdate voor Windows XP (KB923789) bol.com fotoservice Bonjour Call of Duty® - World at War Call of Duty® - World at War 1.2 Patch Call of Duty® - World at War 1.3 Patch Call of Duty® - World at War 1.4 Patch Call of Duty® 2 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.7 Patch Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer Canon MP495 series MP Drivers CCleaner Click to Call with Skype Conduit Engine D-Link DWA-125 DScaler 4.1.15 Emsisoft Anti-Malware 5.1 EPU-4 Engine ESET Online Scanner v3 Free Audio Dub version 1.7.7 Free Studio version 5.0.8 Free Video Dub version 1.8 Free Video to MP3 Converter version 4.1 Free YouTube Download 2.10 GoGear ARIA Device Manager Google Chrome Google Earth Google Update Helper HEMA Fotoservice HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB976002-v5) Hotfix voor 
Windows XP (KB2570791) HP-software voor foto- en beeldbewerking 2.0 - All-in-One HP-software voor foto- en beeldbewerking 2.0 - All-in-One stuurprogramma HP-software voor foto- en beeldbewerking 2.0 - HP psc 1200 hp psc 1200 series Huffyuv AVI lossless video codec (Remove Only) ijji - Gunz ijji REACTOR Info Center 1.0.0.7 InterVideo WinDVR 3 iTunes Java Auto Updater Java 6 Update 29 Junk Mail filter update Lame ACM MP3 Codec LogMeIn Malwarebytes' Anti-Malware version 1.51.2.1300 Media Converter for Philips Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Dutch Language Pack Microsoft .NET Framework 1.1 Security Update (KB2572067) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD Microsoft .NET Framework 3.5 Language Pack SP1 - nld Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Antimalware Microsoft Antimalware Service NL-NL Language Pack Microsoft Application Error Reporting Microsoft Choice Guard Microsoft LifeCam Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office Excel Viewer Microsoft Office File Validation Add-In Microsoft Office Groove MUI (Dutch) 2007 Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office 
Word MUI (Dutch) 2007 Microsoft Search Enhancement Pack Microsoft Security Client Microsoft Security Client NL-NL Language Pack Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (Dutch) 12 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel Mozilla Firefox 4.0.1 (x86 nl) MSVCRT MSVCRT Redists MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers NVIDIA PhysX OGA Notifier 2.0.0048.0 Paint.NET v3.5.8 PC Matic 1.1.0.44 PhotoScape PowerISO PSP Video 9 6 PunkBuster Services QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime Realtek High Definition Audio Driver RealUpgrade 1.1 Revo Uninstaller 1.92 Safari SAMSUNG Mobile Modem Driver Set Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Segoe UI SIW version 2011.09.16 Skype™ 5.5 SMI Grabber Device Soldier Front Spybot - Search & Destroy SpywareBlaster 4.2 SpywareGuard v2.2 Steam Sudoku Beginner SUPERAntiSpyware Free Edition System Requirements Lab Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL Ulead VideoStudio SE DVD Uninstall 1.0.0.1 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Outlook 2007 Junk Email Filter (KB2596560) Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Update voor Windows XP (KB2607712) Update voor Windows XP (KB2616676) Videora iPod touch Converter 6 
WebFldrs XP Windows-stuurprogrammapakket - Atheros (L1e) Net (03/31/2009 1.0.0.36) Windows-stuurprogrammapakket - NVIDIA (nv) Display (01/11/2010 6.14.11.9621) Windows-stuurprogrammapakket - Realtek Semiconductor Corp. HD Audio Driver (12/25/2009 5.10.0.6013) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Live - Hulpprogramma voor uploaden Windows Live aanmeldhulp Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sync Windows Live Toolbar Windows Live Writer Windows Media Encoder 9 Series Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinPcap 4.0.2 WinRAR Wolfenstein - Enemy Territory x264vfw - H.264/MPEG-4 AVC codec (remove only) Xfire (remove only) YouSendIt Express YouTube Downloader 2.5.3 YouTube Downloader App 3.00 . ==== End Of File ===========================
JonTom Posted November 4, 2011 Hello gagaman DDS is still flagging remnants of babylon even though OTL reports they were successfully removed. Let's give OTL one more try. Please post another OTL scan log in your next reply (no need to post the extras.txt).
gagaman Posted November 4, 2011 Hello JonTom, I did another OTL scan... I used the same instructions as you gave in your first post about OTL, so with the custom scans lines. Hope that is what you meant. OTL-LOG OTL logfile created on: 4/11/2011 17:25:04 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:Documents and SettingsmamaBureaublad Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = ) Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy 3,25 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 81,56% Memory free 5,09 Gb Paging File | 4,62 Gb Available in Paging File | 90,84% Paging File free Paging file location(s): C:pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files Drive C: | 146,48 Gb Total Space | 32,33 Gb Free Space | 22,07% Space Free | Partition Type: NTFS Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS Computer Name: FRANCINE | User Name: mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSASCORE.EXE PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:Program FilesEmsisoft Anti-Malwarea2service.exe PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86ramaint.exe PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.)
-- C:Program FilesLogMeInx86LMIGuardianSvc.exe PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program FilesPCPitstopInfo CenterInfoCenter.exe PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:Program FilesPowerISOPWRISOVM.EXE PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeIn.exe PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:Program FilesD-LinkDWA-125 revAAirGCFG.exe PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeInSystray.exe PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX1000.exe PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) 
-- C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Modules (No Company Name) ========== MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSsystem32ANPDApi.dll MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:Program FilesD-LinkDWA-125 revAwlanapp.dll MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_nl_b77a5c561934e089mscorlib.resources.dll MOD - [2009/02/27 17:13:06 | 000,311,296 | ---- | M] () -- C:Program FilesCommon FilesAdobeAcrobatActiveXpdfshell.NLD MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe MOD - [2008/04/15 09:07:34 | 000,053,248 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineAsSpindownTimeout.dll MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:WINDOWSsystem32AsIO.dll MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:Program FilesASUSEPU-4 Enginepngio.dll MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe MOD - [2003/08/29 10:14:56 | 
000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:Program FilesSpywareGuardspywareguard.dll MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Win32 Services (SafeList) ========== SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:Program FilesSUPERAntiSpywareSASCORE.EXE -- (!SASCORE) SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware) SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86RaMaint.exe -- (LMIMaint) SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc) SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon) SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWZCSdS.exe -- (D_Link_DWA-125) SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWConnService.exe -- (D_Link_DWA-125_WPS) SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:WINDOWSSystem32GameMon.des -- (npggsvc) SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:Program FilesWinPcaprpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc) SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:WINDOWSsystem32HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011/11/04 17:17:25 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKsl9c37787a.sys -- (MpKsl9c37787a) DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL) DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS -- (SASDIFSV) DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32ANPD.SYS -- (ANPD) DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:WINDOWSSystem32LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) 
[Kernel | System | Running] -- C:WINDOWSSystem32driversscdemu.sys -- (SCDEmu) DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSUPERAntiSpywareSASENUM.SYS -- (SASENUM) DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc) DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversSmiUsbGrabber3C.sys -- (SMIGrabber3C) DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMonfilt.sys -- (Monfilt) DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAmbfilt.sys -- (Ambfilt) DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:WINDOWSSystem32driversStarOpen.sys -- (StarOpen) DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversDrt2870.sys -- (rt2870) DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversfssfltr_tdi.sys -- (fssfltr) DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversl1e51x86.sys -- (L1e) DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:Program FilesLogMeInx86rainfo.sys -- (LMIInfo) DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) 
[File_System | Auto | Running] -- C:WINDOWSsystem32driversLMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnmnt.sys -- (nm) DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMPE.sys -- (MPE) DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAsIO.sys -- (AsIO) DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnpf.sys -- (NPF) DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdm.sys -- (ssm_mdm) DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdfl.sys -- (ssm_mdfl) DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversVX1000.sys -- (VX1000) DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAPLMp50.sys -- (APLMp50) DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesDScalerDSDrv4.sys -- (DSDrv4) DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32npptNT2.sys -- (NPPTNT2) DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversASACPI.sys -- (MTsensor) DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.be/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = nl-be IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data] IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=" FF - [email protected]/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll () FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.) 
FF - [email protected]/iTunes,version=: File not found FF - [email protected]/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll () FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.) FF - [email protected]/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation) FF - [email protected]/OfficeLive,version=1.3: C:Program FilesMicrosoftOffice LivenpOLW.dll (Microsoft Corp.) FF - [email protected]/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - [email protected]/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation) FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011/10/30 16:01:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaExtensions [2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaFirefoxProfileshefq8rku.defaultextensions [2011/11/03 14:46:17 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions [2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/11/03 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF [2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION [2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml [2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml [2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml [2010/01/01 09:00:00 | 000,001,111 | ---- | 
M] () -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml [2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll 
UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:Program 
FilesiTunesMozilla Pluginsnpitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0 CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0 O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 acezip.net #[siteAdvisor.acezip.net] O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] O1 - Hosts: 127.0.0.1 phpadsnew.abac.com O1 - Hosts: 127.0.0.1 a.abnad.net O1 - Hosts: 127.0.0.1 b.abnad.net O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] O1 - Hosts: 127.0.0.1 d.abnad.net O1 - Hosts: 127.0.0.1 e.abnad.net O1 - Hosts: 127.0.0.1 t.abnad.net O1 - Hosts: 127.0.0.1 z.abnad.net O1 - Hosts: 127.0.0.1 banners.absolpublisher.com O1 - Hosts: 127.0.0.1 tracking.absolstats.com O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 gtb5.acecounter.com O1 - Hosts: 127.0.0.1 gtb19.acecounter.com O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie] O1 - Hosts: 16309 more lines... O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.) 
O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC) O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation) O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe () O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.) O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation) O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.) O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service) O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe () O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) 
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class) O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4 O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation) O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.) 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/11/03 14:48:47 | 000,000,000 | ---D | C] -- C:Program FilesESET [2011/11/03 14:46:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataSun [2011/11/03 14:46:23 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava [2011/11/03 14:46:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32deployJava1.dll [2011/11/03 14:46:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaws.exe [2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaw.exe [2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:WINDOWSSystem32java.exe [2011/11/03 14:36:18 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sMalwarebytes' Anti-Malware [2011/11/03 14:36:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys [2011/11/03 14:36:14 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware [2011/11/03 14:35:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe [2011/11/03 14:31:22 | 000,000,000 | ---D | C] -- C:_OTL [2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend [2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW [2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW [2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer [2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer [2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis [2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop [2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC [2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads [2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link [2011/10/30 07:15:34 | 000,779,136 | ---- | C] 
(Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys [2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll [2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link [2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice [2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice [2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp [2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps [2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice [2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/11/04 17:23:22 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl [2011/11/04 17:22:26 | 000,000,424 | -H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job [2011/11/04 17:18:10 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/04 17:18:00 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/04 17:17:38 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job [2011/11/04 17:17:38 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/11/04 17:17:38 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/04 17:17:38 | 000,000,276 | ---- | M] () -- 
C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/11/04 17:17:15 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat [2011/11/04 17:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job [2011/11/03 16:40:10 | 000,039,570 | ---- | M] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG [2011/11/03 14:36:44 | 000,707,306 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat [2011/11/03 14:36:44 | 000,607,828 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat [2011/11/03 14:36:44 | 000,186,650 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat [2011/11/03 14:36:44 | 000,143,688 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat [2011/11/03 14:36:18 | 000,000,784 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk [2011/11/03 14:35:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl [2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll 
UsersBureaubladSafari.lnk [2011/10/30 18:25:42 | 000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk [2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk [2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat [2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url [2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk [2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
-- C:WINDOWSSystem32LMIRfsClientNP.dll [2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll [2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/03 16:40:10 | 000,039,570 | ---- | C] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG [2011/11/03 14:36:18 | 000,000,784 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk [2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:16:16 | 000,315,392 | ---- | 
C] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat [2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll [2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll [2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll [2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll [2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe [2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini [2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll [2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll [2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc [2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini [2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat [2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat [2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll [2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat [2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- 
C:WINDOWSSystem32ezsidmv.dat [2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini [2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- C:WINDOWSSystem32nvdata.bin [2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll [2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe [2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat [2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys [2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe [2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe [2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe [2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI [2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll [2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt [2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys [2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat [2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat [2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI [2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT [2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat [2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll [2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys [2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- 
C:WINDOWSSystem32driversAsInsHelp64.sys [2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys [2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- C:WINDOWSAscd_log.ini [2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys [2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini [2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS [2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat [2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat [2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll [2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe [2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll [2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe [2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll [2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll [2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe [2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:WINDOWSSystem32AgCPanelJapanese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelFrench.dll [2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll [2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin [2004/08/04 13:00:00 | 000,707,306 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat [2004/08/04 13:00:00 | 000,607,828 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat [2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat [2004/08/04 13:00:00 | 000,186,650 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat [2004/08/04 13:00:00 | 000,143,688 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin [2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys ========== LOP Check ========== [2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119 [2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll 
UsersApplication DataActivision [2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess [2011/08/10 19:26:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ [2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files [2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO [2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure [2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo [2011/11/04 16:54:13 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn [2011/11/04 17:06:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop [2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP [2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp [2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft [2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems [2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/08 
09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision [2011/11/03 14:31:23 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataBabylonToolbar [2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi [2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft [2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems [2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job [2011/11/04 17:22:26 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* > [2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT [2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini [2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin [2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS [2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log [2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml [2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log [2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat [2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif [2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM [2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr [2011/11/04 17:17:11 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys [2009/05/22 08:07:45 | 000,001,589 | ---- | M] 
() -- C:RHDSetup.log < %systemroot%Fonts*.com > [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:WINDOWSFontsGlobalMonospace.CompositeFont [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont < %systemroot%Fonts*.dll > < %systemroot%Fonts*.ini > [2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini < %systemroot%Fonts*.ini2 > < %systemroot%Fonts*.exe > < %systemroot%system32spoolprtprocsw32x86*.* > [2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL [2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll [2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe < %systemroot%REPAIR*.bak1 > < %systemroot%REPAIR*.ini > < %systemroot%system32*.jpg > < %systemroot%*.jpg > < %systemroot%*.png > < %systemroot%*.scr > [2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR < %systemroot%*._sy > < %APPDATA%AdobeUpdate*.* > < %ALLUSERSPROFILE%Favorites*.* > < %APPDATA%Microsoft*.* > < %PROGRAMFILES%*.* > < %APPDATA%Update*.* > < %systemroot%*. 
/mp /s > < %systemroot%System32config*.sav > [2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav [2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav [2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav < %PROGRAMFILES%bak. /s > < %systemroot%system32bak. /s > < %ALLUSERSPROFILE%Start Menu*.lîk /x > < %systemroot%system32configsystemprofile*.dat /x > < %systemroot%*.config > < %systemroot%system32*.db > < %PROGRAMFILES%Internet Explorer*.dat > < %APPDATA%MikzosoftInternet ExplorerQuick Launch*.lnk /x > < %USERPROFILE%Deskuop*.exe > < %PROGRAMFILES%Common Files*.* > < %systemroot%*.src > [2007/04/10 22:46:53 | 000,013,023 | ---- | M] () -- C:WINDOWSVX1000.src < %systemroot%install*.* > < %systemroot%system32DLL*.* > < %systemroot%system32HelpFiles*.* > < %systemroot%system32rundll*.* > < %systemroot%winn32*.* > < %systemroot%Java*.* > < %systemroot%system32test*.* > < %systemroot%system32Rundll32*.* > < HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateAU > < HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall|L
JonTom Posted November 5, 2011

Hello gagaman

"Hope that is what you meant"

That's exactly what I meant.

Does this machine have an extra (D) drive attached?

Let's see if we can take care of the remnants this time (if OTL struggles we have other options available, babylon is known to be a pain to remove):

Please open OTL.

Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...search&AF=17243"
FF - prefs.js..keyword.URL: "http://search.babylo...rtrp&AF=17243="
[2011/11/03 14:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mama\Application Data\BabylonToolbar

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top. Allow the program to run unhindered. Your machine will re-start itself. This is normal. A log will be created after your machine reboots. Please post the contents of the log in your next reply.

After the scan has run, please update MBAM and run a full system scan.

Please post the OTL fix log, the MBAM log and a new OTL scan log in your next reply.
gagaman Posted November 5, 2011

Hello JonTom,

Here are the requested logs:

OTL-FIX Log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Prefs.js: "http://search.babylo...search&AF=17243" removed from browser.search.defaulturl
Prefs.js: "http://search.babylo...rtrp&AF=17243=" removed from keyword.URL
C:\Documents and Settings\mama\Application Data\BabylonToolbar folder moved successfully.
File rity] not found.
File ptytemp] not found.
File ptyflash] not found.
File art explorer] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.31.0 log created on 11052011_151730

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes Antimalware log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8090

Windows 5.1.2600 Service Pack 3
Internet Explorer Unknown

5/11/2011 15:33:05
mbam-log-2011-11-05 (15-33-05).txt

Scan type: Quick scan
Objects scanned: 229265
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL scan log

OTL logfile created on: 5/11/2011 15:50:10 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mama\Bureaublad
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

3,25 Gb Total Physical Memory | 2,60 Gb Available Physical
Memory | 79,98% Memory free 5,09 Gb Paging File | 4,60 Gb Available in Paging File | 90,38% Paging File free Paging file location(s): C:pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files Drive C: | 146,48 Gb Total Space | 32,29 Gb Free Space | 22,05% Space Free | Partition Type: NTFS Drive D: | 151,61 Gb Total Space | 141,39 Gb Free Space | 93,26% Space Free | Partition Type: NTFS Computer Name: FRANCINE | User Name: mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe PRC - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:Program FilesSUPERAntiSpywareSASCORE.EXE PRC - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) -- C:Program FilesEmsisoft Anti-Malwarea2service.exe PRC - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86ramaint.exe PRC - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LMIGuardianSvc.exe PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program FilesPCPitstopInfo CenterInfoCenter.exe PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security Clientmsseces.exe PRC - [2011/06/15 07:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:Program FilesPowerISOPWRISOVM.EXE PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe PRC - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) 
-- C:Program FilesLogMeInx86LogMeIn.exe PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:Program FilesD-LinkDWA-125 revAAirGCFG.exe PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:Program FilesLogMeInx86LogMeInSystray.exe PRC - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe PRC - [2008/04/14 18:02:58 | 001,037,312 | ---- | M] (Microsoft Corporation) -- C:WINDOWSexplorer.exe PRC - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:Program FilesMicrosoft LifeCamMSCamS32.exe PRC - [2007/04/10 22:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:WINDOWSvVX1000.exe PRC - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe PRC - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe PRC - [2003/06/06 16:52:32 | 000,151,552 | ---- | M] (InterVideo Inc.) 
-- C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe PRC - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Modules (No Company Name) ========== MOD - [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSsystem32ANPDApi.dll MOD - [2011/10/14 05:55:04 | 012,430,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Windows.Forms71a2ae9ad561a62181cbd9fb11e9de7aSystem.Windows.Forms.ni.dll MOD - [2011/10/14 05:54:46 | 001,587,200 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32System.Drawingc10bea3c4bb7ef654651141bf9419090System.Drawing.ni.dll MOD - [2011/10/13 22:49:12 | 007,950,848 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32Systemaf39f6e644af02873b9bae319f2bfb13System.ni.dll MOD - [2011/10/13 22:49:02 | 011,490,816 | ---- | M] () -- C:WINDOWSassemblyNativeImages_v2.0.50727_32mscorlibca87ba84221991839abbe7d4bc9c6721mscorlib.ni.dll MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:Program FilesD-LinkDWA-125 revAwlanapp.dll MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:Program FilesCommon FilesAppleApple Application Supportzlib1.dll MOD - [2009/05/22 09:04:59 | 000,303,104 | ---- | M] () -- C:WINDOWSassemblyGAC_MSILmscorlib.resources2.0.0.0_nl_b77a5c561934e089mscorlib.resources.dll MOD - [2008/07/23 16:04:20 | 005,625,344 | ---- | M] () -- C:Program FilesASUSEPU-4 EngineFourEngine.exe MOD - [2006/01/10 09:50:20 | 000,024,576 | R--- | M] () -- C:WINDOWSsystem32AsIO.dll MOD - [2005/05/11 15:39:32 | 000,565,248 | ---- | M] () -- C:Program FilesASUSEPU-4 Enginepngio.dll MOD - [2003/08/29 18:05:35 | 000,360,448 | ---- | M] () -- C:Program FilesSpywareGuardsgmain.exe MOD - [2003/08/29 10:14:56 | 000,233,472 | ---- | M] () -- C:Program FilesSpywareGuardsgbhp.exe MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:Program FilesSpywareGuardspywareguard.dll MOD - [2003/06/06 16:51:48 | 000,131,072 | ---- | M] () -- 
C:Program FilesInterVideoCommonBinWinCinemaMgr.exe ========== Win32 Services (SafeList) ========== SRV - [2011/10/30 17:06:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:Program FilesSUPERAntiSpywareSASCORE.EXE -- (!SASCORE) SRV - [2011/10/30 07:47:56 | 003,045,688 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:Program FilesEmsisoft Anti-Malwarea2service.exe -- (a2AntiMalware) SRV - [2011/10/26 11:42:32 | 000,091,816 | ---- | M] (PC Pitstop LLC) [On_Demand | Stopped] -- C:Program FilesPCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2011/10/08 07:50:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86RaMaint.exe -- (LMIMaint) SRV - [2011/10/08 07:50:35 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc) SRV - [2010/11/08 12:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:Program FilesLogMeInx86LogMeIn.exe -- (LogMeIn) SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe -- (ACDaemon) SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWZCSdS.exe -- (D_Link_DWA-125) SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesD-LinkDWA-125 revAANIWConnService.exe -- (D_Link_DWA-125_WPS) SRV - [2009/05/20 09:50:20 | 002,772,302 | ---- | M] (INCA Internet Co., Ltd.) 
[On_Demand | Stopped] -- C:WINDOWSSystem32GameMon.des -- (npggsvc) SRV - [2007/11/06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:Program FilesWinPcaprpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2007/05/17 22:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program FilesMicrosoft LifeCamMSCamS32.exe -- (MSCamSvc) SRV - [2006/09/28 10:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [On_Demand | Stopped] -- C:Program FilesCommon FilesUlead SystemsDVDULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:WINDOWSsystem32HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - [2011/11/05 15:18:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKsl366bbe98.sys -- (MpKsl366bbe98) DRV - [2011/11/05 14:39:21 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:Documents and SettingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{C21752B9-DDF7-4BCD-A63C-7B802231E310}MpKslf92cd221.sys -- (MpKslf92cd221) DRV - [2011/10/30 17:06:43 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASKUTIL.SYS -- (SASKUTIL) DRV - [2011/10/30 17:06:42 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:Program FilesSUPERAntiSpywareSASDIFSV.SYS -- (SASDIFSV) DRV - [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () [Kernel | Auto | Running] -- C:WINDOWSsystem32ANPD.SYS -- (ANPD) DRV - [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
[File_System | Disabled | Stopped] -- C:WINDOWSSystem32LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2011/06/15 09:23:56 | 000,060,156 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:WINDOWSSystem32driversscdemu.sys -- (SCDEmu) DRV - [2011/06/12 19:53:30 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:Program FilesSUPERAntiSpywareSASENUM.SYS -- (SASENUM) DRV - [2011/02/20 20:30:06 | 000,073,728 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:Program FilesEmsisoft Anti-Malwarea2accx86.sys -- (a2acc) DRV - [2011/01/26 10:31:28 | 000,805,632 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversSmiUsbGrabber3C.sys -- (SMIGrabber3C) DRV - [2009/12/25 18:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversRtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/11/18 07:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMonfilt.sys -- (Monfilt) DRV - [2009/11/18 07:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAmbfilt.sys -- (Ambfilt) DRV - [2009/10/23 17:10:10 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:WINDOWSSystem32driversStarOpen.sys -- (StarOpen) DRV - [2009/09/15 14:09:22 | 000,779,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversDrt2870.sys -- (rt2870) DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WINDOWSsystem32driversfssfltr_tdi.sys -- (fssfltr) DRV - [2009/03/31 17:33:10 | 000,038,400 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversl1e51x86.sys -- (L1e) DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:Program FilesLogMeInx86rainfo.sys -- (LMIInfo) DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:WINDOWSsystem32driversLMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnmnt.sys -- (nm) DRV - [2008/04/13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversMPE.sys -- (MPE) DRV - [2007/12/17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:WINDOWSsystem32driversAsIO.sys -- (AsIO) DRV - [2007/11/06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversnpf.sys -- (NPF) DRV - [2007/05/02 10:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdm.sys -- (ssm_mdm) DRV - [2007/05/02 10:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_mdfl.sys -- (ssm_mdfl) DRV - [2007/05/02 10:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2007/05/02 10:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 10:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 10:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - 
[2007/04/10 22:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversVX1000.sys -- (VX1000) DRV - [2006/11/29 06:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32driversAPLMp50.sys -- (APLMp50) DRV - [2005/12/18 19:42:12 | 000,008,801 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:Program FilesDScalerDSDrv4.sys -- (DSDrv4) DRV - [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:WINDOWSsystem32npptNT2.sys -- (NPPTNT2) DRV - [2004/08/13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driversASACPI.sys -- (MTsensor) DRV - [2002/09/27 06:53:00 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:WINDOWSsystem32driverspfc.sys -- (pfc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.be/ IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://be.msn.com/default.aspx?ocid=iehp IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = nl-be IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 8A 69 41 C1 21 97 CC 01 [binary data] IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledItems: [email protected]:1.0 FF - prefs.js..keyword.URL: 
"http://search.babylon.com/?babsrc=adbartrp&AF=17243&q=" FF - [email protected]adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32.dll () FF - [email protected]/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw.dll (Adobe Systems, Inc.) FF - [email protected]/iTunes,version=: File not found FF - [email protected]/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll () FF - [email protected]/GoogleEarthPlugin: C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.) FF - [email protected]/NpCtrl,version=1.0: C:Program FilesMicrosoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation) FF - [email protected]/OfficeLive,version=1.3: C:Program FilesMicrosoftOffice LivenpOLW.dll (Microsoft Corp.) FF - [email protected]/WLPG,version=14.0.8117.0416: C:Program FilesWindows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - [email protected]/WPF,version=3.5: C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation) FF - [email protected]/Google Update;version=3: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) FF - [email protected]/Google Update;version=9: C:Program FilesGoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxextensions{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:Program FilesArcSoftMedia Converter for PhilipsInternet Video DownloaderPlugin_FireFox [2010/03/07 12:38:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsComponents: C:Program FilesMozilla Firefoxcomponents [2011/10/30 16:01:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 4.0.1extensionsPlugins: C:Program FilesMozilla Firefoxplugins [2011/02/22 16:50:36 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaExtensions [2011/10/30 12:10:16 | 000,000,000 | ---D | M] (No name found) -- C:Documents and SettingsmamaApplication DataMozillaFirefoxProfileshefq8rku.defaultextensions [2011/11/03 14:46:17 | 000,000,000 | ---D | M] (No name found) -- C:Program FilesMozilla Firefoxextensions [2011/08/10 17:54:30 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:Program FilesMozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/11/03 14:46:17 | 000,000,000 | ---D | M] (Java Console) -- C:Program FilesMozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2009/06/03 17:08:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:PROGRAM FILESJAVAJRE6LIBDEPLOYJQSFF [2009/09/01 20:55:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:WINDOWSMICROSOFT.NETFRAMEWORKV3.5WINDOWS PRESENTATION FOUNDATIONDOTNETASSISTANTEXTENSION [2011/04/14 17:57:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:Program Filesmozilla firefoxcomponentsbrowsercomps.dll [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbing.xml [2010/01/01 09:00:00 | 000,001,892 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsbolcom-nl.xml [2010/01/01 09:00:00 | 000,004,558 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginsmarktplaats-nl.xml [2010/01/01 09:00:00 | 000,001,111 | ---- | 
M] () -- C:Program Filesmozilla firefoxsearchpluginsvandale-nl.xml [2010/01/01 09:00:00 | 000,001,049 | ---- | M] () -- C:Program Filesmozilla firefoxsearchpluginswikipedia-nl.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:WINDOWSsystem32MacromedFlashNPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:Program FilesQuickTimepluginsnpqtplugin7.dll CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:Program FilesJavajre6binnew_pluginnpjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:Program FilesMicrosoft Silverlight4.0.60531.0npctrl.dll CHR - plugin: Shockwave for Director (Enabled) = C:WINDOWSsystem32AdobeDirectornp32dsw.dll CHR - plugin: RealNetworks RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll 
UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:Documents and SettingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:Program FilesRealRealPlayerNetscape6nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprpjplug.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:Program FilesWindows Media Playernpdsplay.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:Program FilesMicrosoftOffice LivenpOLW.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:Program Filesgooglechromeapplication14.0.835.202pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Disabled) = C:Program FilesAdobeReader 9.0ReaderBrowsernppdf32.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpdrmv2.dll CHR - plugin: Microsoftu00AE DRM (Enabled) = C:Program FilesWindows Media Playernpwmsdrm.dll CHR - plugin: Google Earth Plugin (Enabled) = C:Program FilesGoogleGoogle Earthpluginnpgeplugin.dll CHR - plugin: Google Update (Enabled) = C:Program FilesGoogleUpdate1.3.21.69npGoogleUpdate3.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:Program FilesRealRealPlayerNetscape6nprjplug.dll CHR - plugin: Windows Liveu00AE Photo Gallery (Enabled) = C:Program FilesWindows LivePhoto GalleryNPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:Program 
FilesiTunesMozilla Pluginsnpitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:WINDOWSMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionsjfmjfhklogoienhpfnppmbcbjfjnkonk1.4_0 CHR - Extension: Click to call with Skype = C:Documents and SettingsmamaLocal SettingsApplication DataGoogleChromeUser DataDefaultExtensionslifbcibllhkdhoafpjfnlhfpfgnpldfl5.5.0.8013_0 O1 HOSTS File: ([2009/05/22 19:08:20 | 000,611,053 | ---- | M]) - C:WINDOWSsystem32driversetcHOSTS O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 ad.a8.net O1 - Hosts: 127.0.0.1 asy.a8ww.net O1 - Hosts: 127.0.0.1 acezip.net #[siteAdvisor.acezip.net] O1 - Hosts: 127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions] O1 - Hosts: 127.0.0.1 phpadsnew.abac.com O1 - Hosts: 127.0.0.1 a.abnad.net O1 - Hosts: 127.0.0.1 b.abnad.net O1 - Hosts: 127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie] O1 - Hosts: 127.0.0.1 d.abnad.net O1 - Hosts: 127.0.0.1 e.abnad.net O1 - Hosts: 127.0.0.1 t.abnad.net O1 - Hosts: 127.0.0.1 z.abnad.net O1 - Hosts: 127.0.0.1 banners.absolpublisher.com O1 - Hosts: 127.0.0.1 tracking.absolstats.com O1 - Hosts: 127.0.0.1 adv.abv.bg O1 - Hosts: 127.0.0.1 bimg.abv.bg O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com O1 - Hosts: 127.0.0.1 accuserveadsystem.com O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com O1 - Hosts: 127.0.0.1 gtb5.acecounter.com O1 - Hosts: 127.0.0.1 gtb19.acecounter.com O1 - Hosts: 127.0.0.1 gtcc1.acecounter.com O1 - Hosts: 127.0.0.1 gtp1.acecounter.com #[eTrust.Tracking.Cookie] O1 - Hosts: 16309 more lines... O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..Run: [D-Link D-Link DWA-125] C:Program FilesD-LinkDWA-125 revAAirGCFG.exe (D-Link Corp.) 
O4 - HKLM..Run: [info Center] C:Program FilesPCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC) O4 - HKLM..Run: [LifeCam] C:Program FilesMicrosoft LifeCamLifeExp.exe (Microsoft Corporation) O4 - HKLM..Run: [LogMeIn GUI] C:Program FilesLogMeInx86LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..Run: [MSC] C:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4 - HKLM..Run: [PWRISOVM.EXE] C:Program FilesPowerISOPWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKLM..Run: [six Engine] C:Program FilesASUSEPU-4 EngineFourEngine.exe () O4 - HKLM..Run: [uVS10 Preload] C:Program FilesUlead SystemsUlead VideoStudio SE DVDuvPL.exe (Ulead Systems, Inc.) O4 - HKLM..Run: [VX1000] C:WINDOWSvVX1000.exe (Microsoft Corporation) O4 - HKLM..Run: [WinDVR SchSvr] C:Program FilesCommon FilesInterVideoSchSvrSchSvr.exe (InterVideo Inc.) O4 - HKLM..Run: [WZCSLDR2] C:Program FilesD-LinkDWA-125 revAWZCSLDR2.exe (Wireless Service) O4 - HKCU..RunOnce: [shockwave Updater] C:WINDOWSsystem32AdobeShockwave 11SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://www.dadsproject.com/Klokkijken/klokkijken.php" File not found O4 - Startup: C:Documents and SettingsAll UsersMenu StartProgramma'sOpstartenInterVideo WinCinema Manager.lnk = C:Program FilesInterVideoCommonBinWinCinemaMgr.exe () O4 - Startup: C:Documents and SettingsmamaMenu StartProgramma'sOpstartenSpywareGuard.lnk = C:Program FilesSpywareGuardsgmain.exe () O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5Catalog_Entries000000000004 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) 
O16 - DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (VersionControl Class) O16 - DPF: {076169AA-8C3D-4CFC-AC23-3ACA88FC21B5} http://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab (F-Secure Online Scanner Launcher) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class) O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243013861984 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 195.130.130.4 195.130.131.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{4F52C767-993D-4BB5-AE28-5E54599325CC}: DhcpNameServer = 195.130.131.132 195.130.130.4 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{57CC1820-8280-407F-8BB2-EB8E5714DF5F}: DhcpNameServer = 195.130.130.4 195.130.131.4 O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program FilesSkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WINDOWSexplorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:WINDOWSsystem32userinit.exe) -C:WINDOWSsystem32userinit.exe (Microsoft Corporation) O20 - WinlogonNotify!SASWinLogon: DllName - (C:Program FilesSUPERAntiSpywareSASWINLO.DLL) - C:Program FilesSUPERAntiSpywareSASWINLO.DLL (SUPERAntiSpyware.com) O20 - WinlogonNotifyLMIinit: DllName - (LMIinit.dll) - C:WINDOWSSystem32LMIinit.dll (LogMeIn, Inc.) 
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:Program FilesSUPERAntiSpywareSASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:Program FilesSpywareGuardspywareguard.dll () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () - C:AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/11/03 14:48:47 | 000,000,000 | ---D | C] -- C:Program FilesESET [2011/11/03 14:46:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataSun [2011/11/03 14:46:23 | 000,000,000 | ---D | C] -- C:Program FilesCommon FilesJava [2011/11/03 14:46:16 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32deployJava1.dll [2011/11/03 14:46:16 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaws.exe [2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WINDOWSSystem32javaw.exe [2011/11/03 14:46:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) 
-- C:WINDOWSSystem32java.exe [2011/11/03 14:36:18 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sMalwarebytes' Anti-Malware [2011/11/03 14:36:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:WINDOWSSystem32driversmbam.sys [2011/11/03 14:36:14 | 000,000,000 | ---D | C] -- C:Program FilesMalwarebytes' Anti-Malware [2011/11/03 14:35:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe [2011/11/03 14:31:22 | 000,000,000 | ---D | C] -- C:_OTL [2011/11/03 07:09:09 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/02 11:25:29 | 000,000,000 | RH-D | C] -- C:Documents and SettingsmamaOnlangs geopend [2011/11/01 12:01:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sSIW [2011/11/01 12:01:21 | 000,000,000 | ---D | C] -- C:Program FilesSIW [2011/11/01 09:52:47 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaBureaubladgmer [2011/11/01 09:48:59 | 000,000,000 | R--D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sSysteembeheer [2011/11/01 09:46:37 | 000,607,260 | R--- | C] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Program FilesTrend Micro [2011/10/30 21:44:36 | 000,000,000 | ---D | C] -- C:Documents and SettingsmamaMenu StartProgramma'sHiJackThis [2011/10/30 17:56:16 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2011/10/30 17:54:02 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sPC Pitstop [2011/10/30 14:57:11 | 000,000,000 | ---D | C] -- C:WINDOWSCSC [2011/10/30 12:09:43 | 000,000,000 | ---D | C] -- D:Documents and SettingsmamaMijn documentenDownloads [2011/10/30 07:17:24 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sD-Link [2011/10/30 07:15:34 | 000,779,136 | ---- | C] 
(Ralink Technology, Corp.) -- C:WINDOWSSystem32driversDrt2870.sys [2011/10/30 07:15:33 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:WINDOWSSystem32RaCoInst.dll [2011/10/30 07:15:32 | 000,000,000 | ---D | C] -- C:Program FilesD-Link [2011/10/19 15:31:35 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sHEMA Fotoservice [2011/10/19 15:31:15 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/10/19 15:31:13 | 000,000,000 | ---D | C] -- C:Program FilesHEMA Fotoservice [2011/10/13 18:56:57 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datatmp [2011/10/13 18:56:56 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersApplication Datahps [2011/10/13 18:56:38 | 000,000,000 | ---D | C] -- C:Documents and SettingsAll UsersMenu StartProgramma'sbol.com fotoservice [2011/10/13 18:55:38 | 000,000,000 | ---D | C] -- C:Program Filesbol.com [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/11/05 15:27:55 | 000,003,284 | ---- | M] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/05 15:27:46 | 000,000,005 | ---- | M] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/11/05 15:25:08 | 000,002,206 | ---- | M] () -- C:WINDOWSSystem32wpa.dbl [2011/11/05 15:25:07 | 000,001,040 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineCore.job [2011/11/05 15:25:07 | 000,000,280 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/05 15:25:07 | 000,000,276 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/11/05 15:25:06 | 000,000,294 | ---- | M] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/11/05 15:23:32 | 000,000,424 | 
-H-- | M] () -- C:WINDOWStasksMP Scheduled Scan.job [2011/11/05 15:18:21 | 000,002,048 | --S- | M] () -- C:WINDOWSbootstat.dat [2011/11/05 15:17:34 | 000,708,380 | ---- | M] () -- C:WINDOWSSystem32perfh013.dat [2011/11/05 15:17:34 | 000,608,586 | ---- | M] () -- C:WINDOWSSystem32perfh009.dat [2011/11/05 15:17:34 | 000,187,392 | ---- | M] () -- C:WINDOWSSystem32perfc013.dat [2011/11/05 15:17:34 | 000,144,254 | ---- | M] () -- C:WINDOWSSystem32perfc009.dat [2011/11/05 15:00:00 | 000,001,044 | ---- | M] () -- C:WINDOWStasksGoogleUpdateTaskMachineUA.job [2011/11/03 16:40:10 | 000,039,570 | ---- | M] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG [2011/11/03 14:36:18 | 000,000,784 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk [2011/11/03 14:35:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:Documents and SettingsmamaBureaubladmbam-setup-1.51.2.1300.exe [2011/11/03 07:09:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:Documents and SettingsmamaBureaubladOTL.exe [2011/11/02 14:14:00 | 000,000,288 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1005.job [2011/11/02 14:11:21 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WINDOWSSystem32FlashPlayerCPLApp.cpl [2011/11/02 11:22:07 | 000,005,120 | ---- | M] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | M] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | M] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/11/01 09:46:39 | 000,607,260 | R--- | M] (Swearware) -- C:Documents and SettingsmamaBureaubladdds.scr [2011/10/30 21:45:14 | 000,002,445 | ---- | M] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 18:43:37 | 000,002,187 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladSafari.lnk [2011/10/30 18:25:42 | 
000,000,244 | ---- | M] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 17:54:02 | 000,001,675 | ---- | M] () -- C:Documents and SettingsmamaBureaubladPC Matic.lnk [2011/10/30 17:22:29 | 000,002,493 | ---- | M] () -- C:Documents and SettingsmamaBureaubladMicrosoft Office Word 2007.lnk [2011/10/30 16:02:47 | 000,001,324 | ---- | M] () -- C:WINDOWSSystem32d3d9caps.dat [2011/10/30 14:45:40 | 000,000,284 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-1003.job [2011/10/30 14:39:23 | 000,000,211 | ---- | M] () -- C:Documents and SettingsmamaBureaubladDe Toverboom - WELKOM - Basisschool 'De Toverboom'. Kom alles te weten over onze school..url [2011/10/30 09:55:19 | 000,000,302 | ---- | M] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:24 | 000,001,682 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:16 | 000,315,392 | ---- | M] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | M] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | M] () -- C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | M] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/29 17:28:37 | 000,001,813 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladGoogle Chrome.lnk [2011/10/19 14:55:38 | 000,000,914 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/19 14:55:38 | 000,000,884 | ---- | M] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/10/14 05:51:45 | 000,293,272 | ---- | M] () -- C:WINDOWSSystem32FNTCACHE.DAT [2011/10/08 07:50:36 | 000,083,360 | ---- | M] (LogMeIn, Inc.) 
-- C:WINDOWSSystem32LMIRfsClientNP.dll [2011/10/08 07:50:35 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIinit.dll [2011/10/08 07:50:35 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSSystem32LMIport.dll [1 D:Documents and SettingsmamaMijn documenten*.tmp files -> D:Documents and SettingsmamaMijn documenten*.tmp -> ] ========== Files Created - No Company Name ========== [2011/11/03 16:40:10 | 000,039,570 | ---- | C] () -- C:Documents and SettingsmamaBureaubladesetscan.JPG [2011/11/03 14:36:18 | 000,000,784 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladMalwarebytes' Anti-Malware.lnk [2011/11/02 11:20:44 | 000,005,120 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/01 12:01:27 | 000,000,610 | ---- | C] () -- C:Documents and SettingsmamaBureaubladSIW.lnk [2011/11/01 09:48:43 | 000,294,216 | ---- | C] () -- C:Documents and SettingsmamaBureaubladgmer.zip [2011/10/30 21:44:37 | 000,002,445 | ---- | C] () -- C:Documents and SettingsmamaBureaubladHiJackThis.lnk [2011/10/30 17:40:33 | 000,000,244 | ---- | C] () -- C:Documents and SettingsmamaBureaubladToverboom InfoCentrum.url [2011/10/30 09:55:20 | 000,000,294 | ---- | C] () -- C:WINDOWStasksRealUpgradeLogonTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:19 | 000,000,302 | ---- | C] () -- C:WINDOWStasksRealUpgradeScheduledTaskS-1-5-21-2000478354-115176313-839522115-500.job [2011/10/30 09:55:11 | 000,000,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCCleaner.lnk [2011/10/30 07:17:31 | 000,003,284 | ---- | C] () -- C:WINDOWSSystem32ANIWZCS{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:17:24 | 000,001,682 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladWireless Connection Manager.lnk [2011/10/30 07:16:23 | 000,000,005 | ---- | C] () -- C:WINDOWSSystem32ANIWZCSUSERNAME{57CC1820-8280-407F-8BB2-EB8E5714DF5F} [2011/10/30 07:16:16 | 000,315,392 | ---- | 
C] () -- C:WINDOWSSystem32ANPDApi.dll [2011/10/30 07:16:16 | 000,048,640 | ---- | C] () -- C:WINDOWSSystem32ANPD64.SYS [2011/10/30 07:16:16 | 000,034,008 | ---- | C] () -- C:WINDOWSSystem32ANPD.VXD [2011/10/30 07:16:16 | 000,029,411 | ---- | C] () -- C:WINDOWSSystem32ANPD.SYS [2011/10/30 07:15:33 | 000,013,931 | ---- | C] () -- C:WINDOWSSystem32RaCoInst.dat [2011/10/13 18:56:52 | 000,000,914 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladbol.com fotoservice.lnk [2011/10/13 18:56:52 | 000,000,884 | ---- | C] () -- C:Documents and SettingsAll UsersBureaubladCEWE Fotoshow.lnk [2011/08/13 16:41:18 | 000,204,800 | ---- | C] () -- C:WINDOWSSystem32IVIresizeW7.dll [2011/08/13 16:41:18 | 000,200,704 | ---- | C] () -- C:WINDOWSSystem32IVIresizeA6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeP6.dll [2011/08/13 16:41:18 | 000,192,512 | ---- | C] () -- C:WINDOWSSystem32IVIresizeM6.dll [2011/08/13 16:41:18 | 000,188,416 | ---- | C] () -- C:WINDOWSSystem32IVIresizePX.dll [2011/08/13 16:41:18 | 000,020,480 | ---- | C] () -- C:WINDOWSSystem32IVIresize.dll [2011/08/11 13:40:49 | 000,061,244 | ---- | C] () -- C:WINDOWSSystem32x264vfw-uninstall.exe [2011/08/11 13:38:08 | 000,000,135 | ---- | C] () -- C:WINDOWShuffyuv.ini [2011/08/10 18:18:52 | 000,363,520 | ---- | C] () -- C:WINDOWSSystem32PsisDecd.dll [2011/07/10 22:04:39 | 000,021,504 | ---- | C] () -- C:WINDOWSjestertb.dll [2011/03/18 22:18:48 | 000,002,528 | ---- | C] () -- C:Documents and SettingsmamaApplication Data$_hpcst$.hpc [2011/03/08 20:05:24 | 000,000,162 | ---- | C] () -- C:WINDOWSwininit.ini [2011/02/23 19:49:33 | 000,000,552 | ---- | C] () -- C:WINDOWSSystem32d3d8caps.dat [2011/02/20 12:33:22 | 000,000,000 | ---- | C] () -- C:WINDOWSnsreg.dat [2010/11/18 17:36:02 | 000,027,648 | ---- | C] () -- C:WINDOWSSystem32AVSredirect.dll [2010/05/06 19:43:34 | 000,001,324 | ---- | C] () -- C:WINDOWSSystem32d3d9caps.dat [2010/04/06 10:37:57 | 000,000,056 | -H-- | C] () -- 
C:WINDOWSSystem32ezsidmv.dat [2010/04/06 10:30:31 | 000,015,498 | ---- | C] () -- C:WINDOWSVX1000.ini [2010/01/27 21:54:34 | 002,283,526 | ---- | C] () -- C:WINDOWSSystem32nvdata.bin [2009/12/24 14:53:19 | 000,087,472 | ---- | C] () -- C:WINDOWSSystem32ijjiChannelingPlugin.dll [2009/10/24 18:51:55 | 000,682,280 | ---- | C] () -- C:WINDOWSSystem32pbsvc.exe [2009/09/27 18:14:41 | 000,062,036 | -H-- | C] () -- C:WINDOWSSystem32mlfcache.dat [2009/08/06 09:42:23 | 000,138,160 | ---- | C] () -- C:WINDOWSSystem32driversPnkBstrK.sys [2009/08/06 09:42:01 | 000,271,200 | ---- | C] () -- C:WINDOWSSystem32PnkBstrB.exe [2009/08/06 09:41:56 | 000,075,136 | ---- | C] () -- C:WINDOWSSystem32PnkBstrA.exe [2009/08/06 09:41:46 | 000,000,287 | ---- | C] () -- C:WINDOWSgame.ini [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:WINDOWSSystem32OGACheckControl.dll [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:WINDOWSSystem32OGAEXEC.exe [2009/07/12 16:39:51 | 000,000,751 | ---- | C] () -- C:WINDOWSSpiderman.INI [2009/07/12 10:32:17 | 000,158,952 | ---- | C] () -- C:WINDOWSSystem32PubPlugin.dll [2009/06/29 17:33:43 | 000,000,000 | ---- | C] () -- C:Documents and SettingsAll UsersApplication DataLauncherAccess.dt [2009/06/29 17:27:54 | 000,005,632 | ---- | C] () -- C:WINDOWSSystem32driversStarOpen.sys [2009/06/01 19:43:54 | 000,019,558 | ---- | C] () -- C:WINDOWShpoins01.dat [2009/06/01 19:43:54 | 000,016,606 | ---- | C] () -- C:WINDOWShpomdl01.dat [2009/05/22 09:48:05 | 000,004,205 | ---- | C] () -- C:WINDOWSODBCINST.INI [2009/05/22 09:45:27 | 000,293,272 | ---- | C] () -- C:WINDOWSSystem32FNTCACHE.DAT [2009/05/22 09:13:54 | 000,000,127 | ---- | C] () -- C:Documents and SettingsmamaLocal SettingsApplication Datafusioncache.dat [2009/05/22 08:19:56 | 000,024,576 | R--- | C] () -- C:WINDOWSSystem32AsIO.dll [2009/05/22 08:19:56 | 000,012,400 | R--- | C] () -- C:WINDOWSSystem32driversAsIO.sys [2009/05/22 08:19:54 | 000,011,832 | ---- | C] () -- 
C:WINDOWSSystem32driversAsInsHelp64.sys [2009/05/22 08:19:54 | 000,010,216 | ---- | C] () -- C:WINDOWSSystem32driversAsInsHelp32.sys [2009/05/22 08:06:28 | 000,028,928 | ---- | C] () -- C:WINDOWSAscd_log.ini [2009/05/22 08:05:27 | 000,005,810 | R--- | C] () -- C:WINDOWSSystem32driversASACPI.sys [2009/05/22 08:05:12 | 000,028,545 | ---- | C] () -- C:WINDOWSAscd_tmp.ini [2009/05/22 08:05:12 | 000,010,296 | ---- | C] () -- C:WINDOWSSystem32driversASUSHWIO.SYS [2009/05/22 08:01:16 | 000,002,048 | --S- | C] () -- C:WINDOWSbootstat.dat [2009/05/22 07:57:44 | 000,021,748 | ---- | C] () -- C:WINDOWSSystem32emptyregdb.dat [2009/02/09 06:18:00 | 001,724,416 | ---- | C] () -- C:WINDOWSSystem32nvwdmcpl.dll [2009/02/09 06:18:00 | 001,657,376 | ---- | C] () -- C:WINDOWSSystem32nwiz.exe [2009/02/09 06:18:00 | 001,507,328 | ---- | C] () -- C:WINDOWSSystem32nview.dll [2009/02/09 06:18:00 | 001,346,080 | ---- | C] () -- C:WINDOWSSystem32nvdspsch.exe [2009/02/09 06:18:00 | 001,101,824 | ---- | C] () -- C:WINDOWSSystem32nvwimg.dll [2009/02/09 06:18:00 | 000,466,944 | ---- | C] () -- C:WINDOWSSystem32nvshell.dll [2009/02/09 06:18:00 | 000,449,056 | ---- | C] () -- C:WINDOWSSystem32nvappbar.exe [2009/02/09 06:18:00 | 000,436,768 | ---- | C] () -- C:WINDOWSSystem32keystone.exe [2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:WINDOWSSystem32physxcudart_20.dll [2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelTraditionalChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSwedish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSpanish.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelSimplifiedChinese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelPortugese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelKorean.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- 
C:WINDOWSSystem32AgCPanelJapanese.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelGerman.dll [2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:WINDOWSSystem32AgCPanelFrench.dll [2008/04/15 21:18:40 | 002,084,371 | ---- | C] () -- C:WINDOWSSystem32x264vfw.dll [2007/11/06 21:19:28 | 000,053,299 | ---- | C] () -- C:WINDOWSSystem32pthreadVC.dll [2004/08/04 13:00:00 | 013,107,200 | ---- | C] () -- C:WINDOWSSystem32oembios.bin [2004/08/04 13:00:00 | 000,708,380 | ---- | C] () -- C:WINDOWSSystem32perfh013.dat [2004/08/04 13:00:00 | 000,673,088 | ---- | C] () -- C:WINDOWSSystem32mlang.dat [2004/08/04 13:00:00 | 000,608,586 | ---- | C] () -- C:WINDOWSSystem32perfh009.dat [2004/08/04 13:00:00 | 000,318,670 | ---- | C] () -- C:WINDOWSSystem32perfi013.dat [2004/08/04 13:00:00 | 000,272,128 | ---- | C] () -- C:WINDOWSSystem32perfi009.dat [2004/08/04 13:00:00 | 000,218,003 | ---- | C] () -- C:WINDOWSSystem32dssec.dat [2004/08/04 13:00:00 | 000,187,392 | ---- | C] () -- C:WINDOWSSystem32perfc013.dat [2004/08/04 13:00:00 | 000,144,254 | ---- | C] () -- C:WINDOWSSystem32perfc009.dat [2004/08/04 13:00:00 | 000,046,258 | ---- | C] () -- C:WINDOWSSystem32mib.bin [2004/08/04 13:00:00 | 000,039,178 | ---- | C] () -- C:WINDOWSSystem32perfd013.dat [2004/08/04 13:00:00 | 000,028,626 | ---- | C] () -- C:WINDOWSSystem32perfd009.dat [2004/08/04 13:00:00 | 000,004,569 | ---- | C] () -- C:WINDOWSSystem32secupd.dat [2004/08/04 13:00:00 | 000,004,463 | ---- | C] () -- C:WINDOWSSystem32oembios.dat [2004/08/04 13:00:00 | 000,001,804 | ---- | C] () -- C:WINDOWSSystem32dcache.bin [2004/08/04 13:00:00 | 000,000,741 | ---- | C] () -- C:WINDOWSSystem32noise.dat [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:WINDOWSSystem32giveio.sys ========== LOP Check ========== [2011/06/05 18:17:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data1C119 [2009/08/13 17:27:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll 
UsersApplication DataActivision [2011/06/05 18:17:43 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Databoost_interprocess [2011/08/10 19:26:46 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCanonBJ [2011/03/14 17:01:35 | 000,000,000 | -H-D | M] -- C:Documents and SettingsAll UsersApplication DataCommon Files [2011/07/10 20:57:25 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataEasybits GO [2009/09/22 08:35:45 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataF-Secure [2011/10/19 15:31:15 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataHEMA Fotoservice [2011/08/13 16:42:06 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataInterVideo [2011/11/05 14:39:18 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataLogMeIn [2011/11/04 17:06:03 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstop [2011/10/30 17:56:16 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataPCPitstopDat [2010/01/27 22:03:05 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataTEMP [2011/10/19 14:58:56 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Datatmp [2009/12/05 19:06:30 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUbisoft [2011/08/10 18:15:10 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication DataUlead Systems [2010/07/08 13:43:28 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/27 18:32:40 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/06/10 13:06:41 | 000,000,000 | ---D | M] -- C:Documents and SettingsAll UsersApplication Data{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/08 
09:09:14 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataActivision [2011/06/05 21:35:52 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication Databsbandmltbpi [2009/06/01 18:56:09 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataGenie-Soft [2011/08/10 21:45:48 | 000,000,000 | ---D | M] -- C:Documents and SettingsmamaApplication DataUlead Systems [2009/06/04 18:37:34 | 000,000,344 | ---- | M] () -- C:WINDOWSTasksFRU Task #Hewlett-Packard#hp psc 1200 series#1243881968.job [2011/11/05 15:23:32 | 000,000,424 | -H-- | M] () -- C:WINDOWSTasksMP Scheduled Scan.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%*.* > [2009/05/22 21:24:16 | 000,001,024 | ---- | M] () -- C:.rnd [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:AUTOEXEC.BAT [2009/09/21 19:36:07 | 000,000,211 | -HS- | M] () -- C:boot.ini [2004/08/04 13:00:00 | 000,004,952 | RHS- | M] () -- C:Bootfont.bin [2009/08/17 14:07:00 | 000,000,074 | ---- | M] () -- C:CMLoader.log [2009/05/22 07:59:54 | 000,000,000 | ---- | M] () -- C:CONFIG.SYS [2010/11/17 18:56:16 | 000,000,135 | ---- | M] () -- C:error.log [2011/08/09 12:38:56 | 000,000,524 | ---- | M] () -- C:hpfr3420.xml [2011/08/09 12:38:56 | 000,206,064 | ---- | M] () -- C:hpfr3425.log [2009/08/15 23:05:02 | 000,000,921 | -H-- | M] () -- C:hpothb07.dat [2009/08/15 23:05:02 | 000,002,225 | -H-- | M] () -- C:hpothb07.tif [2011/02/16 17:22:12 | 000,460,824 | ---- | M] () -- C:img2-001.raw [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:IO.SYS [2009/05/22 07:59:54 | 000,000,000 | RHS- | M] () -- C:MSDOS.SYS [2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:NTDETECT.COM [2009/05/22 08:41:40 | 000,251,712 | RHS- | M] () -- C:ntldr [2011/11/05 15:18:16 | 2145,386,496 | -HS- | M] () -- C:pagefile.sys [2009/05/22 08:07:45 | 000,001,589 | ---- | M] () -- C:RHDSetup.log < %systemroot%Fonts*.com > [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- 
C:WINDOWSFontsGlobalMonospace.CompositeFont [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:WINDOWSFontsGlobalSansSerif.CompositeFont [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:WINDOWSFontsGlobalSerif.CompositeFont [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:WINDOWSFontsGlobalUserInterface.CompositeFont < %systemroot%Fonts*.dll > < %systemroot%Fonts*.ini > [2009/05/22 07:59:35 | 000,000,067 | -HS- | M] () -- C:WINDOWSFontsdesktop.ini < %systemroot%Fonts*.ini2 > < %systemroot%Fonts*.exe > < %systemroot%system32spoolprtprocsw32x86*.* > [2010/08/25 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPDA9.DLL [2010/08/25 04:00:00 | 000,073,216 | ---- | M] (CANON INC.) -- C:WINDOWSsystem32spoolprtprocsw32x86CNMPPA9.DLL [2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86filterpipelineprintproc.dll [2011/10/08 07:50:36 | 000,052,096 | ---- | M] (LogMeIn, Inc.) -- C:WINDOWSsystem32spoolprtprocsw32x86LMIproc.dll [2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:WINDOWSsystem32spoolprtprocsw32x86printfilterpipelinesvc.exe < %systemroot%REPAIR*.bak1 > < %systemroot%REPAIR*.ini > < %systemroot%system32*.jpg > < %systemroot%*.jpg > < %systemroot%*.png > < %systemroot%*.scr > [2010/04/17 02:11:10 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:WINDOWSWLXPGSS.SCR < %systemroot%*._sy > < %APPDATA%AdobeUpdate*.* > < %ALLUSERSPROFILE%Favorites*.* > < %APPDATA%Microsoft*.* > < %PROGRAMFILES%*.* > < %APPDATA%Update*.* > < %systemroot%*. /mp /s > < %systemroot%System32config*.sav > [2009/05/22 09:44:41 | 000,094,208 | ---- | M] () -- C:WINDOWSSystem32configdefault.sav [2009/05/22 09:44:41 | 000,663,552 | ---- | M] () -- C:WINDOWSSystem32configsoftware.sav [2009/05/22 09:44:41 | 000,450,560 | ---- | M] () -- C:WINDOWSSystem32configsystem.sav < %PROGRAMFILES%bak. /s > < %systemroot%system32bak. 
/s >
JonTom Posted November 5, 2011

Hello gagaman

Thank you for the logs. OTL is removing those entries but they are still being recreated.

Combofix

Download ComboFix from one of the following locations: Link 1 Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Should there be issues with internet afterward:
In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.
In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.
gagaman Posted November 5, 2011 (edited)

Hello JonTom,

Does this machine have an extra (D) drive attached? I missed this a few posts back ...

This computer has 1 HD divided in two partitions: c:/ with the OS and programs and d:/ with the data.

Here is the ComboFix log:

ComboFix 11-11-05.02 - mama 05/11/2011 17:30:21.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2559 [GMT 1:00] Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:documents and settingsAll UsersApplication DataTEMP c:windowsjestertb.dll d:documents and settingsmamaMijn documenten~WRL0005.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-05 to 2011-11-05 )))))))))))))))))))))))))))))) . . 2011-11-05 16:26 . 2011-11-05 16:26 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}offreg.dll 2011-11-05 16:26 . 2011-10-07 03:48 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}mpengine.dll 2011-11-03 13:48 . 2011-11-03 13:48 -------- d-----w- c:program filesESET 2011-11-03 13:46 . 2011-11-03 13:46 -------- d-----w- c:program filesCommon FilesJava 2011-11-03 13:46 . 2011-10-03 04:06 472808 ----a-w- c:windowssystem32deployJava1.dll 2011-11-03 13:36 . 2011-11-03 13:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware 2011-11-03 13:36 . 2011-08-31 16:00 22216 ----a-w- c:windowssystem32driversmbam.sys 2011-11-03 13:31 . 2011-11-03 13:31 -------- d-----w- C:_OTL 2011-11-02 10:25 . 2011-11-05 14:58 -------- d--h--r- c:documents and settingsmamaOnlangs geopend 2011-11-01 11:01 . 
2011-11-01 11:01 -------- d-----w- c:program filesSIW 2011-10-30 20:44 . 2011-10-30 20:44 388096 ----a-r- c:documents and settingsmamaApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2011-10-30 20:44 . 2011-10-30 20:44 -------- d-----w- c:program filesTrend Micro 2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:documents and settingsAll UsersApplication DataPCPitstopDat 2011-10-30 08:56 . 2011-10-30 08:56 -------- d--h--r- c:documents and settingsAdministratorOnlangs geopend 2011-10-30 08:54 . 2011-10-30 08:54 -------- d-sh--w- c:documents and settingsAdministratorIECompatCache 2011-10-30 08:53 . 2011-10-30 08:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduitEngine 2011-10-30 06:16 . 2011-10-30 06:16 48640 ----a-w- c:windowssystem32ANPD64.SYS 2011-10-30 06:16 . 2011-10-30 06:16 34008 ----a-w- c:windowssystem32ANPD.VXD 2011-10-30 06:16 . 2011-10-30 06:16 315392 ----a-w- c:windowssystem32ANPDApi.dll 2011-10-30 06:16 . 2011-10-30 06:16 29411 ----a-w- c:windowssystem32ANPD.SYS 2011-10-30 06:15 . 2009-09-15 13:09 779136 ----a-w- c:windowssystem32driversDrt2870.sys 2011-10-30 06:15 . 2009-09-15 13:08 221184 ----a-w- c:windowssystem32RaCoInst.dll 2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:program filesD-Link 2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:documents and settingsAdministratorApplication DataInstallShield 2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataUlead Systems 2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataApple Computer 2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:documents and settingsAll UsersApplication DataHEMA Fotoservice 2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:program filesHEMA Fotoservice 2011-10-13 17:56 . 
2011-10-19 13:58 -------- d-----w- c:documents and settingsAll UsersApplication Datatmp 2011-10-13 17:56 . 2011-10-13 17:56 -------- d-----w- c:documents and settingsAll UsersApplication Datahps 2011-10-13 17:55 . 2011-10-13 17:55 -------- d-----w- c:program filesbol.com . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-02 13:11 . 2011-06-07 16:11 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2011-10-08 06:50 . 2009-05-22 20:24 52096 ----a-w- c:windowssystem32Spoolprtprocsw32x86LMIproc.dll 2011-10-08 06:50 . 2009-05-22 20:24 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll 2011-10-08 06:50 . 2009-05-22 20:24 30592 ----a-w- c:windowssystem32LMIport.dll 2011-10-08 06:50 . 2009-05-22 20:24 87424 ----a-w- c:windowssystem32LMIinit.dll 2011-10-07 03:48 . 2011-06-13 18:01 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2011-10-03 01:37 . 2009-06-03 16:08 73728 ----a-w- c:windowssystem32javacpl.cpl 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:windowssystem32uiautomationcore.dll 2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:windowssystem32oleaccrc.dll 2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:windowssystem32oleacc.dll 2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:windowssystem32crypt32.dll 2011-09-06 14:09 . 2004-08-04 12:00 1859072 ----a-w- c:windowssystem32win32k.sys 2011-08-22 23:41 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll 2011-08-22 23:41 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll 2011-08-22 23:41 . 2004-08-04 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl 2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec 2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:windowssystem32driversafd.sys 2011-08-13 12:00 . 
2011-08-11 12:40 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe 2011-04-14 16:57 . 2011-04-29 14:24 142296 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Skype"="c:program filesSkypePhoneSkype.exe" [2011-07-29 17361032] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Six Engine"="c:program filesASUSEPU-4 EngineFourEngine.exe" [2008-07-23 5625344] "LogMeIn GUI"="c:program filesLogMeInx86LogMeInSystray.exe" [2008-07-24 63048] "RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408] "LifeCam"="c:program filesMicrosoft LifeCamLifeExp.exe" [2007-05-17 279912] "VX1000"="c:windowsvVX1000.exe" [2007-04-10 709992] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 997920] "AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-06-07 421160] "PWRISOVM.EXE"="c:program filesPowerISOPWRISOVM.EXE" [2011-06-15 307200] "UVS10 Preload"="c:program filesUlead SystemsUlead VideoStudio SE DVDuvPL.exe" [2006-08-09 36864] "WinDVR SchSvr"="c:program filesCommon FilesInterVideoSchSvrSchSvr.exe" [2003-06-06 151552] "D-Link D-Link DWA-125"="c:program filesD-LinkDWA-125 revAAirGCFG.exe" [2009-10-19 995328] "WZCSLDR2"="c:program filesD-LinkDWA-125 revAWZCSLDR2.exe" [2009-10-19 122880] "Info Center"="c:program filesPCPitstopInfo CenterInfoCenter.exe" [2011-09-26 24216] "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696] . 
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2011-07-27 434080] . c:documents and settingsmamaMenu StartProgramma'sOpstarten SpywareGuard.lnk - c:program filesSpywareGuardsgmain.exe [2003-8-29 360448] . c:documents and settingsAll UsersMenu StartProgramma'sOpstarten InterVideo WinCinema Manager.lnk - c:program filesInterVideoCommonBinWinCinemaMgr.exe [2011-8-13 131072] . [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-10-30 113024] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon] 2009-09-22 05:43 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLMIinit] 2011-10-08 06:50 87424 ----a-w- c:windowssystem32LMIinit.dll . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE] @="" . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . [HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk] path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhp psc 1000 series.lnk backup=c:windowspsshp psc 1000 series.lnkCommon Startup . [HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk] path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhpoddt01.exe.lnk backup=c:windowspsshpoddt01.exe.lnkCommon Startup . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "%windir%Network Diagnosticxpnetdiag.exe"= "c:Program FilesMessengermsmsgs.exe"= "c:WINDOWSDownloaded Program FilesPurpleBean.exe"= "c:ijjiENGLISHu_sfsoldierfront.exe"= "c:WINDOWSsystem32PnkBstrA.exe"= "c:WINDOWSsystem32PnkBstrB.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe"= "c:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe"= "c:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe"= "c:WINDOWSDownloaded Program FilesijjiOptimizer.exe"= "c:Program FilesMicrosoft LifeCamLifeCam.exe"= "c:Program FilesMicrosoft LifeCamLifeExp.exe"= "c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe"= "c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe"= "c:Program FilesGoogleGoogle Earthclientgoogleearth.exe"= "c:Program FilesWindows LiveMessengermsnmsgr.exe"= "c:Program FilesWindows LiveSyncWindowsLiveSync.exe"= "c:Program FilesWolfenstein - Enemy TerritoryET.exe"= "c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:Program FilesBonjourmDNSResponder.exe"= "c:Program FilesSafariSafari.exe"= "c:Program FilesiTunesiTunes.exe"= "c:Program FilesActivisionCall of Duty 2CoD2MP_s.exe"= "c:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"= "c:Program FilesSkypePhoneSkype.exe"= . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1620:UDP"= 1620:UDP:Windows Media Format SDK (wmplayer.exe) "1621:UDP"= 1621:UDP:Windows Media Format SDK (wmplayer.exe) "1624:UDP"= 1624:UDP:Windows Media Format SDK (wmplayer.exe) . R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [14/05/2009 13:22 12880] R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [14/05/2009 13:22 67664] R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [12/06/2011 19:53 116608] R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesEmsisoft Anti-Malwarea2service.exe [13/06/2011 16:44 3045688] R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [30/10/2011 7:16 29411] R2 LMIGuardianSvc;LMIGuardianSvc;c:program filesLogMeInx86LMIGuardianSvc.exe [5/10/2010 11:45 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:program filesLogMeInx86rainfo.sys [24/07/2008 17:46 12856] S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys [?] S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys [?] 
S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys [?] S3 a2acc;a2acc;c:program filesEmsisoft Anti-Malwarea2accx86.sys [13/06/2011 16:44 73728] S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [22/05/2009 8:06 1691480] S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesD-LinkDWA-125 revAANIWZCSdS.exe [30/10/2011 7:16 126976] S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesD-LinkDWA-125 revAANIWConnService.exe [30/10/2011 7:16 40960] S3 gupdate;Google Updateservice (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664] S3 gupdatem;Google Update-service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664] S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [6/11/2007 21:22 34064] S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?] S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [30/10/2011 17:53 91816] S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [14/05/2009 13:22 12872] S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [10/08/2011 18:03 805632] . Inhoud van de 'Gedeelde Taken' map . 2011-08-25 c:windowsTasksAppleSoftwareUpdate.job - c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 15:57] . 2009-06-04 c:windowsTasksFRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4243881968.job - c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-09 15:56] . 
2011-11-05 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04] . 2011-11-05 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04] . 2011-11-05 c:windowsTasksMP Scheduled Scan.job - c:program filesMicrosoft Security ClientAntimalwareMpCmdRun.exe [2011-04-27 13:39] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ TCP: DhcpNameServer = 195.130.130.4 195.130.131.4 DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab FF - ProfilePath - c:documents and settingsmamaApplication DataMozillaFirefoxProfileshefq8rku.default FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243 FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - about:home FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q= . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) MSConfigStartUp-SunJavaUpdateSched - c:program filesJavajre6binjusched.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-05 17:33 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc] "ImagePath"="c:windowssystem32GameMon.des -service" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(708) c:program filesSUPERAntiSpywareSASWINLO.DLL c:windowssystem32LMIinit.dll c:windowssystem32LMIRfsClientNP.dll . 
Voltooingstijd: 2011-11-05 17:34:08
ComboFix-quarantined-files.txt 2011-11-05 16:34
.
Pre-Run: 34.522.189.824 bytes beschikbaar
Post-Run: 34.536.259.584 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CA85724A274B0042712D6BF867B5845A

Edited November 6, 2011 by gagaman
JonTom Posted November 6, 2011

Hello gagaman

Please work through the following steps

Open Notepad (Click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").

NOTE: Do not use Wordpad or any other text editor except Notepad or the script will fail.

Copy and paste the text in the quotebox below into the open Notepad window:

Firefox::
FF - ProfilePath - c:\documents and settings\mama\Application Data\Mozilla\Firefox\Profiles\hefq8rku.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17243
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&AF=17243&q=

Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Referring to the picture below, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Once the log is produced, re-engage your resident anti virus.
gagaman Posted November 6, 2011

Hello JonTom,

Thanks for your reply. I hope I did it right. When I dropped the notepad file on combofix, combofix asked to update to a newer version... I clicked ok. Then combofix seemed to update and did the job.

Combofixlog

ComboFix 11-11-06.01 - mama 06/11/2011 17:10:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2626 [GMT 1:00]
Gestart vanuit: c:documents and settingsmamaBureaubladComboFix.exe
gebruikte Opdracht switches :: c:documents and settingsmamaBureaubladCFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-06 to 2011-11-06 ))))))))))))))))))))))))))))))
.
.
2011-11-06 16:05 . 2011-11-06 16:05 56200 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}offreg.dll
2011-11-05 16:26 . 2011-10-07 03:48 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{4610ACF3-2D33-4F6A-B07B-EA1FA43E494D}mpengine.dll
2011-11-03 13:48 . 2011-11-03 13:48 -------- d-----w- c:program filesESET
2011-11-03 13:46 . 2011-11-03 13:46 -------- d-----w- c:program filesCommon FilesJava
2011-11-03 13:46 . 2011-10-03 04:06 472808 ----a-w- c:windowssystem32deployJava1.dll
2011-11-03 13:36 . 2011-11-03 13:36 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2011-11-03 13:36 . 2011-08-31 16:00 22216 ----a-w- c:windowssystem32driversmbam.sys
2011-11-03 13:31 . 2011-11-03 13:31 -------- d-----w- C:_OTL
2011-11-02 10:25 . 2011-11-06 16:07 -------- d--h--r- c:documents and settingsmamaOnlangs geopend
2011-11-01 11:01 . 2011-11-01 11:01 -------- d-----w- c:program filesSIW
2011-10-30 20:44 .
2011-10-30 20:44 388096 ----a-r- c:documents and settingsmamaApplication DataMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2011-10-30 20:44 . 2011-10-30 20:44 -------- d-----w- c:program filesTrend Micro 2011-10-30 16:56 . 2011-10-30 16:56 -------- d-----w- c:documents and settingsAll UsersApplication DataPCPitstopDat 2011-10-30 08:56 . 2011-10-30 08:56 -------- d--h--r- c:documents and settingsAdministratorOnlangs geopend 2011-10-30 08:54 . 2011-10-30 08:54 -------- d-sh--w- c:documents and settingsAdministratorIECompatCache 2011-10-30 08:53 . 2011-10-30 08:54 -------- d-----w- c:documents and settingsAdministratorLocal SettingsApplication DataConduitEngine 2011-10-30 06:16 . 2011-10-30 06:16 48640 ----a-w- c:windowssystem32ANPD64.SYS 2011-10-30 06:16 . 2011-10-30 06:16 34008 ----a-w- c:windowssystem32ANPD.VXD 2011-10-30 06:16 . 2011-10-30 06:16 315392 ----a-w- c:windowssystem32ANPDApi.dll 2011-10-30 06:16 . 2011-10-30 06:16 29411 ----a-w- c:windowssystem32ANPD.SYS 2011-10-30 06:15 . 2009-09-15 13:09 779136 ----a-w- c:windowssystem32driversDrt2870.sys 2011-10-30 06:15 . 2009-09-15 13:08 221184 ----a-w- c:windowssystem32RaCoInst.dll 2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:program filesD-Link 2011-10-30 06:15 . 2011-10-30 06:15 -------- d-----w- c:documents and settingsAdministratorApplication DataInstallShield 2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataUlead Systems 2011-10-30 06:13 . 2011-10-30 06:13 -------- d-----w- c:documents and settingsAdministratorApplication DataApple Computer 2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:documents and settingsAll UsersApplication DataHEMA Fotoservice 2011-10-19 14:31 . 2011-10-19 14:31 -------- d-----w- c:program filesHEMA Fotoservice 2011-10-13 17:56 . 2011-10-19 13:58 -------- d-----w- c:documents and settingsAll UsersApplication Datatmp 2011-10-13 17:56 . 
2011-10-13 17:56 -------- d-----w- c:documents and settingsAll UsersApplication Datahps 2011-10-13 17:55 . 2011-10-13 17:55 -------- d-----w- c:program filesbol.com . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-02 13:11 . 2011-06-07 16:11 414368 ----a-w- c:windowssystem32FlashPlayerCPLApp.cpl 2011-10-08 06:50 . 2009-05-22 20:24 52096 ----a-w- c:windowssystem32Spoolprtprocsw32x86LMIproc.dll 2011-10-08 06:50 . 2009-05-22 20:24 83360 ----a-w- c:windowssystem32LMIRfsClientNP.dll 2011-10-08 06:50 . 2009-05-22 20:24 30592 ----a-w- c:windowssystem32LMIport.dll 2011-10-08 06:50 . 2009-05-22 20:24 87424 ----a-w- c:windowssystem32LMIinit.dll 2011-10-07 03:48 . 2011-06-13 18:01 6668624 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll 2011-10-03 01:37 . 2009-06-03 16:08 73728 ----a-w- c:windowssystem32javacpl.cpl 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:windowssystem32uiautomationcore.dll 2011-09-26 09:41 . 2004-08-04 12:00 23040 ----a-w- c:windowssystem32oleaccrc.dll 2011-09-26 09:41 . 2004-08-04 12:00 220160 ----a-w- c:windowssystem32oleacc.dll 2011-09-09 09:12 . 2004-08-04 12:00 602624 ----a-w- c:windowssystem32crypt32.dll 2011-09-06 14:09 . 2004-08-04 12:00 1859072 ----a-w- c:windowssystem32win32k.sys 2011-08-22 23:41 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll 2011-08-22 23:41 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll 2011-08-22 23:41 . 2004-08-04 12:00 1469440 ----a-w- c:windowssystem32inetcpl.cpl 2011-08-22 11:58 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec 2011-08-17 13:49 . 2004-08-04 12:00 138496 ----a-w- c:windowssystem32driversafd.sys 2011-08-13 12:00 . 2011-08-11 12:40 61244 ----a-w- c:windowssystem32x264vfw-uninstall.exe 2011-04-14 16:57 . 2011-04-29 14:24 142296 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll . . 
((((((((((((((((((((((((((((( [email protected]_16.33.05 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-06 16:05 . 2011-11-06 16:05 16384 c:windowsTempPerflib_Perfdata_104.dat - 2011-11-05 16:15 . 2011-11-05 16:15 16384 c:windowsTempPerflib_Perfdata_104.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Skype"="c:program filesSkypePhoneSkype.exe" [2011-07-29 17361032] . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "Six Engine"="c:program filesASUSEPU-4 EngineFourEngine.exe" [2008-07-23 5625344] "LogMeIn GUI"="c:program filesLogMeInx86LogMeInSystray.exe" [2008-07-24 63048] "RTHDCPL"="RTHDCPL.EXE" [2009-12-25 18789408] "LifeCam"="c:program filesMicrosoft LifeCamLifeExp.exe" [2007-05-17 279912] "VX1000"="c:windowsvVX1000.exe" [2007-04-10 709992] "MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2011-06-15 997920] "AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-06-07 421160] "PWRISOVM.EXE"="c:program filesPowerISOPWRISOVM.EXE" [2011-06-15 307200] "UVS10 Preload"="c:program filesUlead SystemsUlead VideoStudio SE DVDuvPL.exe" [2006-08-09 36864] "WinDVR SchSvr"="c:program filesCommon FilesInterVideoSchSvrSchSvr.exe" [2003-06-06 151552] "D-Link D-Link DWA-125"="c:program filesD-LinkDWA-125 revAAirGCFG.exe" [2009-10-19 995328] "WZCSLDR2"="c:program filesD-LinkDWA-125 revAWZCSLDR2.exe" [2009-10-19 122880] "Info Center"="c:program filesPCPitstopInfo CenterInfoCenter.exe" [2011-09-26 24216] "SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2011-06-09 254696] . 
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun] "CTFMON.EXE"="c:windowssystem32CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2011-07-27 434080] . c:documents and settingsmamaMenu StartProgramma'sOpstarten SpywareGuard.lnk - c:program filesSpywareGuardsgmain.exe [2003-8-29 360448] . c:documents and settingsAll UsersMenu StartProgramma'sOpstarten InterVideo WinCinema Manager.lnk - c:program filesInterVideoCommonBinWinCinemaMgr.exe [2011-8-13 131072] . [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2011-10-30 113024] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon] 2009-09-22 05:43 548352 ----a-w- c:program filesSUPERAntiSpywareSASWINLO.DLL . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotifyLMIinit] 2011-10-08 06:50 87424 ----a-w- c:windowssystem32LMIinit.dll . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE] @="" . [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc] @="Service" . [HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hp psc 1000 series.lnk] path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhp psc 1000 series.lnk backup=c:windowspsshp psc 1000 series.lnkCommon Startup . [HKLM~startupfolderC:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^hpoddt01.exe.lnk] path=c:documents and settingsAll UsersMenu StartProgramma'sOpstartenhpoddt01.exe.lnk backup=c:windowspsshpoddt01.exe.lnkCommon Startup . [HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:program filesQuickTimeQTTask.exe . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList] "%windir%system32sessmgr.exe"= "%windir%Network Diagnosticxpnetdiag.exe"= "c:Program FilesMessengermsmsgs.exe"= "c:WINDOWSDownloaded Program FilesPurpleBean.exe"= "c:ijjiENGLISHu_sfsoldierfront.exe"= "c:WINDOWSsystem32PnkBstrA.exe"= "c:WINDOWSsystem32PnkBstrB.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx9.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Dx10.exe"= "c:Program FilesUbisoftAssassin's CreedAssassinsCreed_Launcher.exe"= "c:Program FilesActivisionCall of Duty - World at WarCoDWaW.exe"= "c:Program FilesActivisionCall of Duty - World at WarCoDWaWmp.exe"= "c:WINDOWSDownloaded Program FilesijjiOptimizer.exe"= "c:Program FilesMicrosoft LifeCamLifeCam.exe"= "c:Program FilesMicrosoft LifeCamLifeExp.exe"= "c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4sp.exe"= "c:Program FilesSteamSteamAppscommoncall of duty modern warfare 2iw4mp.exe"= "c:Program FilesGoogleGoogle Earthclientgoogleearth.exe"= "c:Program FilesWindows LiveMessengermsnmsgr.exe"= "c:Program FilesWindows LiveSyncWindowsLiveSync.exe"= "c:Program FilesWolfenstein - Enemy TerritoryET.exe"= "c:program filesMicrosoft ActiveSyncrapimgr.exe"= c:program filesMicrosoft ActiveSyncrapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:program filesMicrosoft ActiveSyncwcescomm.exe"= c:program filesMicrosoft ActiveSyncwcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:program filesMicrosoft ActiveSyncWCESMgr.exe"= c:program filesMicrosoft ActiveSyncWCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:Program FilesBonjourmDNSResponder.exe"= "c:Program FilesSafariSafari.exe"= "c:Program FilesiTunesiTunes.exe"= "c:Program FilesActivisionCall of Duty 2CoD2MP_s.exe"= "c:Program FilesActivisionCall of Duty 4 - Modern Warfareiw3mp.exe"= "c:Program FilesSkypePhoneSkype.exe"= . 
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1620:UDP"= 1620:UDP:Windows Media Format SDK (wmplayer.exe) "1621:UDP"= 1621:UDP:Windows Media Format SDK (wmplayer.exe) "1624:UDP"= 1624:UDP:Windows Media Format SDK (wmplayer.exe) . R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [14/05/2009 13:22 12880] R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [14/05/2009 13:22 67664] R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [12/06/2011 19:53 116608] R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:program filesEmsisoft Anti-Malwarea2service.exe [13/06/2011 16:44 3045688] R2 ANPD;ANPD Service;c:windowssystem32ANPD.SYS [30/10/2011 7:16 29411] R2 LMIGuardianSvc;LMIGuardianSvc;c:program filesLogMeInx86LMIGuardianSvc.exe [5/10/2010 11:45 374152] R2 LMIInfo;LogMeIn Kernel Information Provider;c:program filesLogMeInx86rainfo.sys [24/07/2008 17:46 12856] S1 MpKsl2a03b60a;MpKsl2a03b60a;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{7262EA36-DCEB-49B7-87AB-3885AE2C843C}MpKsl2a03b60a.sys [?] S1 MpKslb124d8ed;MpKslb124d8ed;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{56BFF251-6282-460B-B669-266224A92BB0}MpKslb124d8ed.sys [?] 
S1 MpKsld0e9bdc2;MpKsld0e9bdc2;??c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys --> c:documents and settingsAll UsersApplication DataMicrosoftMicrosoft AntimalwareDefinition Updates{70379D85-E50B-44FF-86E2-CFC904337769}MpKsld0e9bdc2.sys [?] S3 a2acc;a2acc;c:program filesEmsisoft Anti-Malwarea2accx86.sys [13/06/2011 16:44 73728] S3 Ambfilt;Ambfilt;c:windowssystem32driversAmbfilt.sys [22/05/2009 8:06 1691480] S3 D_Link_DWA-125;D_Link_DWA-125 Service;c:program filesD-LinkDWA-125 revAANIWZCSdS.exe [30/10/2011 7:16 126976] S3 D_Link_DWA-125_WPS;D_Link_DWA-125_WPS Service;c:program filesD-LinkDWA-125 revAANIWConnService.exe [30/10/2011 7:16 40960] S3 gupdate;Google Updateservice (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664] S3 gupdatem;Google Update-service (gupdatem);c:program filesGoogleUpdateGoogleUpdate.exe [22/11/2009 19:04 135664] S3 NPF;NetGroup Packet Filter Driver;c:windowssystem32driversnpf.sys [6/11/2007 21:22 34064] S3 npggsvc;nProtect GameGuard Service;c:windowssystem32GameMon.des -service --> c:windowssystem32GameMon.des -service [?] S3 PCPitstop Scheduling;PCPitstop Scheduling;c:program filesPCPitstopPCPitstopScheduleService.exe [30/10/2011 17:53 91816] S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [14/05/2009 13:22 12872] S3 SMIGrabber3C;SMI Grabber Device Tuner Filter 3C;c:windowssystem32driversSmiUsbGrabber3C.sys [10/08/2011 18:03 805632] . Inhoud van de 'Gedeelde Taken' map . 2011-08-25 c:windowsTasksAppleSoftwareUpdate.job - c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 15:57] . 2009-06-04 c:windowsTasksFRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4243881968.job - c:program filesHewlett-PackardDigital ImagingBinhpqfrucl.exe [2003-04-09 15:56] . 
2011-11-06 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04] . 2011-11-05 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-11-22 18:04] . 2011-11-06 c:windowsTasksMP Scheduled Scan.job - c:program filesMicrosoft Security ClientAntimalwareMpCmdRun.exe [2011-04-27 13:39] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ TCP: DhcpNameServer = 195.130.130.4 195.130.131.4 DPF: {070DC617-E3B7-468B-A29C-D4E84FAE938C} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab FF - ProfilePath - c:documents and settingsmamaApplication DataMozillaFirefoxProfileshefq8rku.default FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - about:home . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-11-06 17:15 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINESystemControlSet001Servicesnpggsvc] "ImagePath"="c:windowssystem32GameMon.des -service" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(708) c:program filesSUPERAntiSpywareSASWINLO.DLL c:windowssystem32LMIinit.dll c:windowssystem32LMIRfsClientNP.dll . - - - - - - - > 'explorer.exe'(3008) c:windowssystem32webcheck.dll c:windowssystem32WPDShServiceObj.dll c:windowssystem32PortableDeviceTypes.dll c:windowssystem32PortableDeviceApi.dll . Voltooingstijd: 2011-11-06 17:16:45 ComboFix-quarantined-files.txt 2011-11-06 16:16 ComboFix2.txt 2011-11-05 16:34 . 
Pre-Run: 34.592.882.688 bytes beschikbaar
Post-Run: 34.581.741.568 bytes beschikbaar
.
- - End Of File - - 14E0B88EFB3CC5716D4D3F71F4904C67
JonTom Posted November 6, 2011 Share Posted November 6, 2011 Hello gagaman I hope I did it right You did it just fine When I dropped the notapad file on combofix, combofix asked to update to an newer version... I clicked ok. Then combofix seemed to update and did the job. Thats normal procedure when an update is available - you did the right thing by allowing it to install. The new comboFix log looks good to me - no more signs of babylon Provided you are no longer experiencing any other problems I think we can remove our tools: Please Uninstall Combofix Click on "Start" and then on "Run". Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there. Please perform the following cleanup procedure Double click on the OTL.exe icon on your desktop to run the program. Once OTL has opened, click on the "CleanUp!" button. Follow any prompts that you receive. Your Adobe Reader is out of date You can obtain the latest version of Adobe Reader from here, and the latest version of Flash Player from here. For more information and links to Adobe updates and downloads click here. Its a little slow at startup, but I will check the services that load at startup and disable the ones that are not necessary. Will do this after you declared this machine clean The following may be helpful: Defragment your hard drive Download and run Auslogics Disc Defragmenter. You can find it here: http://forums.whatth...frag%2Fdownload StartupLight You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. 
You can find it here: http://www.malwareby...startuplite.php
More information can be found in the link below: http://www.bleepingc...ndpost&p=487112

Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan. Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox
You can download Firefox from here.

No-Script
If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system. You can download No-Script by clicking here.

Internet Explorer
The newest version of Internet Explorer is available from here. Please Note: IE9 is not configured to run on XP machines.

SpywareBlaster
If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security. SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system. You can download SpywareBlaster by clicking here.

Web of Trust
When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer. Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop). You can download Web of Trust by clicking here.
Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware. Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

Passwords

Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

General Reading

PC Safety and Security - What do I need?
How to prevent Malware (by Miekiemoes)

Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
gagaman Posted November 6, 2011 (Author)

Hello jonTom,

Thanks for your time and efforts to help me with this computer. Really appreciated!! I will pass your final advice to the lady who owns this pc.

regards
gagaman
JonTom Posted November 6, 2011

> Thanks for your time and efforts to help me with this computer. Really appreciated!! I will pass your final advice to the lady who owns this pc.

You are both Very Welcome

Best wishes
JonTom
JonTom Posted November 8, 2011

Since this problem appears to be resolved this topic is now closed.

Glad we could help

Best wishes
JonTom